CVE-2008-2019 PoC — SMF Audio CAPTCHA 安全绕过漏洞

Source

https://github.com/TheRook/AudioCaptchaBypass-CVE-2008-2019

Associated Vulnerability

Title:SMF Audio CAPTCHA 安全绕过漏洞 (CVE-2008-2019)
Description:Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.

File Snapshot


 [4.0K]  /data/pocs/73ad2ba44cac20ebc2a7b42d1e612f75b0917b27
├── [9.3K]  a.wav
├── [2.0K]  gen_sound.php
├── [2.1K]  index.php
├── [ 11K]  math.php
├── [1.7K]  README.txt
└── [4.0K]  sound
    ├── [3.8K]  a.english.wav
    ├── [4.6K]  b.english.wav
    ├── [4.4K]  c.english.wav
    ├── [4.4K]  d.english.wav
    ├── [3.9K]  e.english.wav
    ├── [3.9K]  f.english.wav
    ├── [5.0K]  g.english.wav
    ├── [4.5K]  h.english.wav
    ├── [3.9K]  i.english.wav
    ├── [5.5K]  j.english.wav
    ├── [5.3K]  k.english.wav
    ├── [4.0K]  l.english.wav
    ├── [3.9K]  m.english.wav
    ├── [3.6K]  n.english.wav
    ├── [3.7K]  o.english.wav
    ├── [3.4K]  p.english.wav
    ├── [4.5K]  q.english.wav
    ├── [4.1K]  r.english.wav
    ├── [4.0K]  s.english.wav
    ├── [4.3K]  t.english.wav
    ├── [4.3K]  u.english.wav
    ├── [5.2K]  v.english.wav
    ├── [6.8K]  w.english.wav
    ├── [4.3K]  x.english.wav
    ├── [5.1K]  y.english.wav
    └── [5.2K]  z.english.wav

1 directory, 31 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2008-2019 PoC — SMF Audio CAPTCHA 安全绕过漏洞

Source

Associated Vulnerability

File Snapshot

Remarks