[ home ] [ qa2 / q / soicuck / vip2 / weab / hrp / ] [ login / overboard / rules / faq / flags / bans / pph ] [ updates / booru / legacy / bunker ]

/q/ - TRR Meta

Name
Email
Subject
Comment
Verification
Flag
File
Embed
Password (For file deletion.)

cereanigger MUST be hanged

File: 1727552678695.jpg (41.88 KB, 653x564, 437 - fly pepe.jpg)ImgOps Yandex

 No.672

There's a very important vulnerability I'd like to report about the Trumpflare Captcha.

One thing I've noticed is that the letters that are used are very easily to manipulate. By malforming the GET request's "extra" parameter, I can make it only return the numbers "1488", the letter "q", or anything of that sort. Here's an example:

>A soicuck makes the captcha only return the letter "ö"

>Thus, every single captcha will have the result "ööööö"
>Captcha is bypassed and the soicuck will now spam /qa2/

My solution to this, is to stop any sort of tampering with the parameters. The default Captcha letters are "abcdefghijklmnopqrstuvwxyz", and every time a request is sent to the captcha entrypoint, compare the extras parameter from the request and the string "abcdefghijklmnopqrstuvwxyz".

 No.673

informative

 No.681

well, this isnt really a problem, as it wont let you submit

 No.682

You should test a vulnerability next time before assuming it

 No.683

File: 1727632714791.png (16.54 KB, 735x208, 1703250588757.png)ImgOps Yandex

kek, its keyed



[Return][Go to top] Catalog [Post a Reply]
Delete Post [ ]
[ home ] [ qa2 / q / soicuck / vip2 / weab / hrp / ] [ login / overboard / rules / faq / flags / bans / pph ] [ updates / booru / legacy / bunker ]