Drupal <= 6.20 insecure Captcha defaults PoC
Name: Drupal <= 6.20 insecure Captcha defaults PoC
Systems Affected: Drupal <= 6.20 with Captcha <= 2.3
Severity: Medium
Vendor: http://drupal.org
Advisory: http://antisnatchor.com/Drupal_insecure_Captcha_defaults_PoC
Author: Michele "antisnatcho
ele, good luck in your security researches.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] [AntiSnatchOr] Drupal <= 6.20 insecure Captcha defaults
PoC
Michele Orru antisnatchor at gmail.com
Thu Feb 10 12:15:01 GMT 2011
>
On Mon, Feb 14, 2011 at 4:54 PM, MustLive wrote:
> Hello Michele!
>
> Few days ago I saw your advisory about Drupal's captcha. It's interesting
> advisory, but I have one note concerning it - your research is very close
> to
> mine ;-) (it concerns similar holes which I found before you).
>
Quit
een in contact with Jakub Suchy and
Mori Sugimoto. They said that the issue I've reported qualified for public
disclosure.
Probably they didn't told me about you because they don't give a shit
about you, as all of us that write in FD do :)
Have a good day mr. MustLive
>
>
On Tue, Feb 15, 2011 at 12:25 AM, Eyeballing Weev
wrote:
>
>
> On Mon, Feb 14, 2011 at 4:54 PM, MustLive
> wrote:
>>
>> Hello Michele!
>>
>> Few days ago I saw your advisory about Drupal's captcha. It's interesting
>> advisory, but I have one note concerning it - your research is very close
>> to
Some guys pay more for women with "extra hardware". What are you doing
later? ;-)
> What the hell :)
> I'm a man mate.
>
> Michele is like Michael.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
On 15/02/2011 16:55, Michele Orru wrote:
> 2011/2/14 MustLive:
>> Hello Michele!
>>
>> Few days ago I saw your advisory about Drupal's captcha. It's interesting
>> advisory, but I have one note concerning it - your research is very close to
>> mine ;-) (it concerns similar holes which I found befor
