[WEB SECURITY] my website captcha broken??

BlackHawk hawkgotyou at gmail.com
Sat Jan 31 06:45:42 EST 2009


can you provide a link to your capcha? (better the source code of it, but at
least a link..)

i think there are 2 possibility:

1 - the capcha showhes normal digits, without any distorsion, so it's
possible to make a program to read them.
2 - the capcha is not properly made, so it's possible to predict the digits
from the html code, or it's not properly code so the auth it's not
necessary..

2009/1/31 Luis Matus <matus.investiga at gmail.com>

> I need some advice. I work for a company that provides sms service on line
> from our web  site. The websites uses captcha but some how hackers have
> been able to break the captcha or work around it, because they (hackers)
> have created a web capable to send sms through  our website.
>
> I've know they're using our web site  because  whe can see their website
> server IP in our database logs.
>
>
> Do you have any pointers of how could the problem be adressed?
>
> Perhaps you might have some similar stories that may give me a clue of how
> they did it?
>
> Greetings.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090131/4a28ab7f/attachment.html>


More information about the websecurity mailing list