可以通过发送 NULL 字节绕过 recaptcha 吗? [英] Can recaptcha be bypassed by sending NULL bytes?
问题描述
我们正在运行 Atomic Secured Linux,它一直在捕获在 recaptcha_response_field 中发送 NULL 字节的帖子.有问题的帖子肯定是垃圾邮件,但唯一获得空字节的字段是recaptcha_response_field".特别是,POST 正文中出现了两次以下内容:
We're running Atomic Secured Linux, and it's been catching posts that are sending NULL bytes in the recaptcha_response_field. The posts in question are definitely spammy, but the only field that gets null bytes is "recaptcha_response_field". In particular, the following is present twice in the POST body:
recaptcha_response_field=%00%00%00%00%00%00%00%00
我想知道这是否是一种针对 recaptcha 的已知攻击,或者是否是一种已知的危害 Web 服务器的方法.如果是这样,它打算做什么.
I'm wondering if this is a known attack against recaptcha, or otherwise a known method of compromising web servers. And if so, what it's intended to do.
推荐答案
我不这么认为,至少在 recaptcha 后端不是.Google 非常重视安全,尤其是在公共服务方面.因此,您与 google 后端通信的 recaptcha 实现可能会受到攻击,但我仍然不这么认为.
I dont think so, at least not at recaptcha backend. Google takes security seriously, especially with public services. So your recaptcha implementation, which communicates with google backend might be attackable, but I still don't think so.
试试吧.记录每次尝试,您将看到 NULL 尝试是否成功.
这篇关于可以通过发送 NULL 字节绕过 recaptcha 吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!