[<prev] [next>] [day] [month] [year] [list]
Message-ID: <008301cadfd5$3034df80$010000c0@ml>
Date: Mon, 19 Apr 2010 18:29:25 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Fixing vulnerabilities in captcha-scripts
mentioned in my last advisories
Hello Full-Disclosure!
Last Friday (16.04.2010) I wrote a letter to Bugtraq, when I was answering
to letter of reader of the list, with my recommendations of fixing
vulnerabilities in captcha-scripts mentioned in my last advisories. Which is
related as to CB Captcha, as to all web applications which include
CaptchaSecurityImages.php.
Because my letter was still not published at Bugtraq, I decided to send it
to Full-Disclosure mailing list, in case if it'll be useful for readers of
the list (which is interested in fixing such holes in their captchas). The
letter is provided bellow.
P.S.
When I'll find time, I'll answer at letters of those readers of the list who
wrote me recently regarding vulnerabilities in CaptchaSecurityImages.php (so
don't worry about that).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "MustLive"
To: "Matteo Valenza"
Cc: <bugtraq@...urityfocus.com>
Sent: Friday, April 16, 2010 11:33 PM
Subject: Re: Vulnerability in CB Captcha for Joomla and Mambo
Hello Matteo Valenza!
> how can i solve this issue quickly ?
There are the next solutions for you:
1. Wait until developers of CB Captcha released new fixed version of the
plugin. They are examining this vulnerability for some time already (at
least Beat, developer of CB Captcha 2.x, because from two authors only he
answered me). But Beat told me, that they will be releasing the new fixed
version not very quickly (due to their standardized bugfixing process), so
users of CB Captcha will need to wait for new release.
2. Contact Beat and ask him when developers will be releasing new version of
plugin and to hurry them.
3. Fix the hole manually. It's the most quickest solution and it's possible
that you was asking exactly about it.
To fix this vulnerability in CB Captcha you need to do, what I recommend to
developers of the plugin - to use standard algorithm of fixing such captcha
bypass method, which I called session reusing with constant captcha bypass
method and described in details in my MoBiC project in 2007. And it concerns
all captcha-programs which are using sessions.
The algorithm of fixing this issue in CaptchaSecurityImages.php (and it's
concerns to CB Captcha and to all those webapps with this captcha in my last
advisories, where I mentioned that) was described by developers of
CaptchaSecurityImages.php already at 27.03.2007 at their site
(http://www.white-hat-web-design.co.uk/articles/php-captcha.php). For that
you need to clear session variable "security_code" (or other name which is
used in the code of specific webapp). Use unset($_SESSION['security_code']);
in the code when you are processing the form.
This solution can be used for all affected web applications mentioned by me
in last advisories (that have this hole). But concerning CB Captcha if it
works in Joomla 1.0 and Mambo, it doesn't work in Joomla 1.5, because it
uses another method to work with sessions and for it another code must be
used (for clearing of session).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
----- Original Message -----
From: "Matteo Valenza"
To: "Susan Bradley"
Cc: "MustLive"; <bugtraq@...urityfocus.com>
Sent: Friday, April 16, 2010 8:08 PM
Subject: Re: Vulnerability in CB Captcha for Joomla and Mambo
how can i solve this issue quickly ?
Thanks.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists