Replaying request with same captcha
The server fails to enforce captcha expiration, allowing users to submit multiple requests using the same captcha value without time restrictions.
Lack of Resources & Rate Limiting (RL)
How this template works
APIs Selection
The template includes filters to select API requests based on specific criteria. In this case, it filters requests based on the response code being between 200 and 300, or if the request payload or query parameter contains the word "captcha".
Execute request
The template specifies a single request to be executed. It adds a custom header to the request, specifically the "x-akto-ignore" header with a value of "0".
Validation
The template defines validation criteria for the response. It checks that the response code is between 200 and 300, the percentage match of the response payload is greater than 80%, and the length of the response is greater than 0.
Frequently asked questions
What is the impact of bypassing CAPTCHA protection in this scenario
How does the server fail to enforce captcha expiration in this test
What are the potential consequences of successful replaying of captchas
What category and subcategory does this vulnerability fall under
What are some tags associated with this vulnerability
Can you provide a reference for further information on this vulnerability
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "
Security team,
Rippling
