Gently bypass your verification code and launch attacks

Xing Xue was one of the famous hacker's artifacts "Knife, light, and snow shadows" in his early years. Its function was to Crack forms by force, which was very popular at that time. However, with the verification code, the snow was almost pushed to the dead end. But is it really a dead end? This article gives you the answer.

For the verification code mechanism, online attack methods use mathematical methods to analyze images. Of course, we cannot always follow others' ideas to make things more creative.

The idea of thinking about the verification code is to access a script file every time you log on to the site. This file generates an image containing the verification code and writes the value to the session, when submitting the verification code, verify the login script to determine whether the submitted verification code is consistent with that in the session.

The problem arises. After the login password is incorrect, we will not access the file that generates the verification image. If the verification code in the session is not cleared, the verification code will be the same as the previous one, the hard-to-build brute-force cracking protection is just a false one.

The administrator login page of powereasy2005 is a good example. As long as we identify the verification code we accessed for the first time and submit the cookie value for this session, we can implement brute-force cracking. As shown in the figure, the results are cracked with the snow ).

Similar cases include pjblog2 login verification. Other programs did not look at it, and they are physically active and not fun.

The vulnerability in verification code can also be used to implement DOS (and click vote, huh, huh). For example, this issue exists in the csdn Blog system and the verification code replied, so you can capture packets and submit them continuously (hello, say yes first, you are not allowed to test with me ).

This time, the BBS has done a good job. After the password is incorrect, the verification code value in the session is set to null, and the verification code is checked to be empty each time. Therefore, if you want to fix this vulnerability, refer to the method of moving the network.