CAPTCHA: No Zuo No Die

This post is automatically translated with LLM. The translation content has NOT been reviewed and may contain errors.

As we all know, CAPTCHAs exist to prevent machines from brute-forcing passwords or spamming comments with advertisements. Typically, a CAPTCHA consists of 4 digits with some interference lines to thwart brute-force attacks as much as possible.

The problem is... there's also a kind of absurd CAPTCHA in this world. Image source: http://imbushuo.net/archives/58.

I just want to say: What's the point of this CAPTCHA? Any random program could extract and auto-fill it. According to imbushuo:

What's more, the verification process is completed in the client side… (later I found that I could bypass the CAPTCHA by sending the HTTP request directly.)

He actually wrote a program that logged in successfully without even sending back the CAPTCHA!
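The difference between checking the CAPTCHA in the browser and checking it on the server, as an added example that is not code from the original post or from the site it describes. All names (`USERS`, `SESSIONS`, `login_client_checked`, `login_server_checked`) are hypothetical, and the account and session store are constructed for the demonstration.

```python
import hmac
import secrets

USERS = {"alice": "correct horse"}   # constructed demo account; real systems store password hashes
SESSIONS = {}                        # constructed server-side session store

def check_password(user, password):
    stored = USERS.get(user)
    if stored is None or not isinstance(password, str):
        return False
    return hmac.compare_digest(stored.encode(), password.encode())

def issue_captcha(session_id):
    """Pick the answer on the server; the browser should only ever receive a rendered image."""
    answer = f"{secrets.randbelow(10000):04d}"
    SESSIONS[session_id] = {"captcha": answer}
    return answer   # returned so the demo can play the part of a human reading the image

def login_client_checked(form):
    """Weak: trusts that the page's script already compared the CAPTCHA."""
    return check_password(form.get("user"), form.get("password"))

def login_server_checked(session_id, form):
    """Hardened: the server compares the CAPTCHA itself and consumes it."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    expected = session.pop("captcha", None)   # single use: a failed guess needs a new challenge
    supplied = form.get("captcha")
    if expected is None or not isinstance(supplied, str):
        return False
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return check_password(form.get("user"), form.get("password"))

def demo():
    direct = {"user": "alice", "password": "correct horse"}   # request with no captcha field
    results = {"weak_direct": login_client_checked(direct)}
    issue_captcha("s1")
    results["hardened_direct"] = login_server_checked("s1", direct)
    answer = issue_captcha("s1")
    solved = dict(direct, captcha=answer)
    results["hardened_solved"] = login_server_checked("s1", solved)
    results["hardened_replay"] = login_server_checked("s1", solved)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the hardened handler consumes the stored answer on every attempt, each wrong guess costs a fresh challenge, which is what makes the CAPTCHA slow down password guessing at all.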

This CAPTCHA is truly "impressive." Then I saw this push notification from WooYun Vulnerability Platform on WeChat:

WooYun, you win.