if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '1' ) ) {
// Hide the CAPTCHA form
$hide_form = true;
// Get input
$pass_new = $_POST[ 'password_new' ];
$pass_conf = $_POST[ 'password_conf' ];
// Check CAPTCHA from 3rd party
$resp = recaptcha_check_answer(
$_DVWA[ 'recaptcha_private_key'],
$_POST['g-recaptcha-response']
);
// Did the CAPTCHA fail?
if( !$resp ) {
// What happens when the CAPTCHA was entered incorrectly
$html .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
$hide_form = false;
return;
}
else {
// CAPTCHA was correct. Do both new passwords match?
if( $pass_new == $pass_conf ) {
// Show next stage for the user
echo "
<pre&
DVWA: Insecure CAPTCHA (low) 验证码绕过
于 2022-08-22 09:44:02 首次发布
该博客探讨了 DVWA 中 Insecure CAPTCHA(低级别)的漏洞:当 step 参数为 1 时,服务端会校验验证码;为 2 时则跳过验证码校验。使用 Burp Suite 抓包并将 step 参数改为 2,即可绕过验证码直接修改密码。问题的根源在于服务端依据客户端可控的 step 参数来判断验证码是否已通过,而没有在服务端(例如会话中)记录校验结果;修复时应在执行密码修改的同一请求中校验验证码,或在服务端保存并核对校验状态。