Infinite recursion on captcha script

John

12 Feb, 2017 10:27 AM

Hello, I noticed that Arachni is unable to avoid scanning recursive elements, such as a captcha script. I've tried with the option --scope-auto-redundant=2 but it didn't work.
Link example:
target.com/plugins/system/captcha/showcode.php?1486894932(DYNAMIC)&sid=632197564be8d7889071176760e51422(DYNAMIC)&crt=0&clr=255,255,255&bgr=196,196,196&xsize=100&ysize=40&suf=1
Dynamic values are marked by me as "(DYNAMIC)"

If you need more information (domain/log/etc.) please tell me your email and I'll send it to you.

  1. Support Staff 1 Posted by Tasos Laskos on 14 Feb, 2017 12:09 PM

    Hello,

    Looks like a parameter name (1486894932(DYNAMIC)) is dynamic, so the --scope-auto-redundant option will not work.
    You can use the --scope-redundant-path-pattern option for greater control, like so:

    --scope-redundant-paths=1486894932:5
    

    Let me know how it works.

  2. 2 Posted by John on 14 Feb, 2017 04:50 PM

    showcode.php:10 worked well, is there any chance to add a plugin for autosolving such problems without user actions?

  3. Support Staff 3 Posted by Tasos Laskos on 14 Feb, 2017 04:51 PM

    Can't really be done accurately.

  4. Tasos Laskos closed this discussion on 17 Feb, 2017 11:59 AM.
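
Why the two options in this thread behave differently on the captcha link, as an added Ruby sketch (not part of the original discussion and not Arachni's own code). It assumes simplified semantics: the auto-redundant limit counts URLs per identical set of query parameter names, and the path-pattern limit counts URLs matching a regular expression; the class names, helper names and target.example host are hypothetical.

```ruby
# Simplified models of two crawl-scope limiters (hypothetical classes,
# not Arachni's implementation).

# Follows at most `limit` URLs per (path, set of query parameter names).
class ParamNameLimiter
  def initialize(limit)
    @limit = limit
    @seen  = Hash.new(0)
  end

  def follow?(url)
    path, query = url.split('?', 2)
    names = query.to_s.split('&').map { |pair| pair.split('=', 2).first }.sort
    (@seen[[path, names]] += 1) <= @limit
  end
end

# Follows at most `limit` URLs matching each pattern; others are unlimited.
class PathPatternLimiter
  def initialize(rules)
    @rules = rules            # { Regexp => limit }
    @hits  = Hash.new(0)
  end

  def follow?(url)
    pattern, limit = @rules.find { |re, _| url =~ re }
    return true unless pattern
    (@hits[pattern] += 1) <= limit
  end
end

# Constructed sample: the thread's captcha link, with the dynamic parameter
# name and sid changing on every request (target.example is a placeholder).
def captcha_urls(count)
  (0...count).map do |i|
    "http://target.example/plugins/system/captcha/showcode.php?" \
      "#{1_486_894_932 + i}&sid=#{format('%032x', i)}&crt=0&xsize=100&ysize=40&suf=1"
  end
end

def followed(limiter, urls)
  urls.count { |url| limiter.follow?(url) }
end

urls = captcha_urls(25)
puts "param-name limit 2:    #{followed(ParamNameLimiter.new(2), urls)} followed"
puts "path pattern limit 10: #{followed(PathPatternLimiter.new({ /showcode\.php/ => 10 }), urls)} followed"
```

Because the first parameter name changes on every request, each URL forms a new parameter-name set and the name-based limit never triggers, while the path pattern caps the crawl regardless of the query string.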
