Insecure CAPTCHA in DVWA Solution

This repository provides a solution to the Insecure CAPTCHA challenge in DVWA, featuring exploit scripts, detailed documentation, mitigation strategies, and test cases. It is designed for educational purposes, to help understand and secure CAPTCHA implementations.
Insecure CAPTCHA refers to a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) implementation that can be bypassed or defeated by automated scripts or malicious users. CAPTCHAs prevent automated systems from performing actions meant for humans, such as submitting forms or creating accounts. However, if the CAPTCHA is not implemented securely, it can be easily circumvented, rendering it ineffective.
The solution for the low and medium levels is the same.

Burp Suite is required for this challenge.

Change the password and pass the CAPTCHA. Once the password has been changed, go to Burp's HTTP History and observe the two POST requests to dvwa/vulnerabilities/captcha.

Compare the two requests: you can see that the Content-Length differs.

We will send the request below to Repeater.

Now change the password parameter and send the request. Check in the response whether the password has changed, or cross-check by logging out and logging in with the password you used in Repeater.
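The flow above works because the CAPTCHA is checked in one request and the password is changed in a separate one, with the "already passed" state carried by the client. The following added example (not DVWA's code) models that two-step handler and its hardened form, which keeps the proof of passing the CAPTCHA in a server-side session and consumes it on use. The form field names (`step`, `captcha`, `passed_captcha`, `password_new`), the `Session` class and the user store are assumptions for illustration.

```python
# Added example, not part of the DVWA project: a two-step change-password
# handler modelled on the walkthrough, beside its hardened form.
# Field names, Session and USERS are constructed for this illustration.
from dataclasses import dataclass


@dataclass
class Session:
    sid: str
    captcha_passed: bool = False   # server-side state, never sent to the client


USERS = {"admin": "password"}      # constructed sample user store


def captcha_ok(answer: str) -> bool:
    """Stand-in for the real CAPTCHA verification (constructed)."""
    return answer == "correct"


def vulnerable_change(form: dict, session: Session) -> str:
    """Step 1 verifies the CAPTCHA; step 2 trusts a client-supplied flag.
    Because the flag travels in the form, step 2 can be submitted on its own."""
    if form.get("step") == "1":
        return "captcha ok" if captcha_ok(form.get("captcha", "")) else "captcha failed"
    if form.get("step") == "2" and form.get("passed_captcha") == "true":
        USERS["admin"] = form["password_new"]
        return "password changed"
    return "rejected"


def hardened_change(form: dict, session: Session) -> str:
    """The CAPTCHA result is recorded in the server-side session and cleared
    once used, so a replayed or forged step 2 is refused. Mitigation: the
    client never carries the "passed" state; the server does."""
    if form.get("step") == "1":
        session.captcha_passed = captcha_ok(form.get("captcha", ""))
        return "captcha ok" if session.captcha_passed else "captcha failed"
    if form.get("step") == "2" and session.captcha_passed:
        session.captcha_passed = False       # single use: no replay of step 2
        USERS["admin"] = form["password_new"]
        return "password changed"
    return "rejected"
```

A simpler fix with the same effect is to verify the CAPTCHA and change the password in a single request, so there is no second step to replay.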