Posted to users@wicket.apache.org by vahid ghasemi <va...@gmail.com> on 2021/07/31 15:39:26 UTC

login captcha issue

Hello
I have a login form with a captcha.
I tested my form with Burp Suite (a penetration test tool).
In Burp I can send the request many times for brute force (just
changing the password).
This problem is because of the number at the end of my
URL (localhost:8080/login?1).
So in this way attackers can bypass the captcha.
How can I fix this problem?

Re: login captcha issue

Posted by Martin Grigorov <mg...@apache.org>.
Have you tried calling `captchaImageResource.invalidate();` in your
onSubmit() method?


On Sun, Aug 1, 2021 at 4:24 PM vahid ghasemi <va...@gmail.com>
wrote:

> I used this method but after that my captcha image is not rendered and I can't
> see it.
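As an added illustration of the suggestion above (example code written for this thread, not code from the original post or from the Wicket project): a login form that checks the answer against a server-side challenge and then, on every submit whether it succeeded or not, rotates the challenge and calls `invalidate()`, so a request captured for page `?1` carries a stale answer when it is replayed with another password. It assumes Wicket's `CaptchaImageResource(IModel<String>)` constructor and `NonCachingImage` (so the browser requests the freshly drawn image instead of a cached copy); `authenticate` is a hypothetical hook for the application's own credential check.

```java
import java.security.SecureRandom;
import org.apache.wicket.extensions.markup.html.captcha.CaptchaImageResource;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.markup.html.image.NonCachingImage;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.model.PropertyModel;

/** Login form whose captcha challenge is single-use: every submit, right or wrong, replaces it. */
public abstract class CaptchaLoginForm extends Form<Void> {
    // Glyphs that stay distinguishable once distorted (no 0/O, 1/l/I).
    private static final String ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789";
    private static final SecureRandom RANDOM = new SecureRandom();
    // The expected answer lives only on the server, inside this page instance.
    private final IModel<String> challenge = Model.of(newChallenge());
    private final CaptchaImageResource captchaImage = new CaptchaImageResource(challenge);
    private String username;
    private String password;
    private String captchaAnswer;

    public CaptchaLoginForm(String id) {
        super(id);
        add(new RequiredTextField<>("username", new PropertyModel<>(this, "username")));
        add(new PasswordTextField("password", new PropertyModel<>(this, "password")));
        // NonCachingImage adds a random query parameter, so the browser fetches the freshly drawn image.
        add(new NonCachingImage("captcha", captchaImage));
        add(new RequiredTextField<>("captchaAnswer", new PropertyModel<>(this, "captchaAnswer")));
    }

    protected abstract boolean authenticate(String username, String password); // hypothetical hook

    @Override
    protected void onSubmit() {
        boolean captchaOk = challenge.getObject().equals(captchaAnswer);
        // Rotate first, whatever the outcome: a captured request for this page id now carries a stale answer.
        challenge.setObject(newChallenge());
        captchaImage.invalidate(); // drop the cached image bytes so the next render draws the new text
        if (!captchaOk) {
            error("The characters you entered do not match the image.");
        } else if (!authenticate(username, password)) {
            error("Invalid username or password.");
        } else {
            setResponsePage(getApplication().getHomePage());
        }
    }

    private static String newChallenge() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) sb.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        return sb.toString();
    }
}
```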

Re: login captcha issue

Posted by vahid ghasemi <va...@gmail.com>.
I used this method but after that my captcha image is not rendered and I can't
see it.

On Sun, Aug 1, 2021 at 11:11 AM Maxim Solodovnik <so...@gmail.com>
wrote:

> You can set-up NoVersionMapper
> https://stackoverflow.com/questions/8602489/delete-version-number-in-url

Re: login captcha issue

Posted by Maxim Solodovnik <so...@gmail.com>.
You can set up NoVersionMapper
https://stackoverflow.com/questions/8602489/delete-version-number-in-url



from mobile (sorry for typos ;)