Is there a limit to total number of CAPTCHA tries? Is same proxy used for all tries?

I know some systems have a limit and will lock out a user after x CAPTCHA fails.
But…I also know that this might only affect things if one proxy is used for consecutive solve attempts on fails. Which way does SER handle consecutive solve attempts: same proxy or different?
AND, if same proxy is used, what’s the highest number of total tries suggested? I have used various external solvers, and even the ones at the end of the list seem to get used, so it seems having a high number of tries does work.
Thanks…

Insecure captcha to RCE? [closed]

I have found a simple PHP script that uses untrusted user input to make a captcha. I would like to know if this practice can lead to code execution or OS command injection?

The user input looks like this :

https://x.com/x.php?captcha=YToyOntzOjY6ImFjdGlvbiI7czoxNDoiUG9ydGFsLmNhcHRjaGEiO3M6NjoicGFyYW1zIjthOjU6e3M6NToid2lkdGgiO2k6MTMwO3M6NjoiaGVpZ2h0IjtpOjMwO3M6ODoiZm9udHNpemUiO2k6MTY7czo1OiJiZ2NvbCI7czo2OiJGRkZGRkYiO3M6NToiZmdjb2wiO3M6NjoiMjAyMDgwIjt9fQ==&sid=eeb0f20778cfbba2c4fd8d6c125f6e06 

The parameter captcha is encoded with base64, and when I decode it, it is a serialized array:

a:2:{s:6:"action";s:14:"Portal.captcha";s:6:"params";a:5:{s:5:"width";i:130;s:6:"height";i:30;s:8:"fontsize";i:16;s:5:"bgcol";s:6:"FFFFFF";s:5:"fgcol";s:6:"202080";}} 

When I unserialize this, it looks like this:

Array
(
    [action] => Portal.captcha
    [params] => Array
        (
            [width] => 130
            [height] => 30
            [fontsize] => 16
            [bgcol] => FFFFFF
            [fgcol] => 202080
        )

)

This array is used to make the captcha, but I don't know how the PHP code makes the captcha image: with a library? With a PHP function? With a remote command?

I have tried to change the color of the image and it works:

$array['params']['bgcol'] = '439a00';

I have tried to change a string value to an integer and the captcha background color is black:

$array['params']['bgcol'] = 1;

But when I manually add bad characters into a parameter value of the array like this, and manually encode it with base64:

a:2:{s:6:"action";s:14:"Portal.captcha";s:6:"params";a:5:{s:5:"width";i:130;s:6:"height";i:30;s:8:"fontsize";i:16;s:5:"bgcol";s:6:"FFFFFF";s:5:"fgcol";s:6:&"'{};;}} 

The request returns: Call is not captcha function

My question is: can this captcha generator lead to vulnerabilities? Which vulnerabilities?

Thank you for your help, and sorry for my bad English.

Goodbye
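
A hardened way for a server to consume a parameter like the `captcha` value in the post above, as an added example that is not part of the original post or of the script it describes. The function name, the action allowlist and the numeric limits are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

// Added example: names and limits below are assumptions, not taken from the script in the post.
const ALLOWED_ACTIONS = ['Portal.captcha'];
const INT_LIMITS = ['width' => [50, 400], 'height' => [20, 200], 'fontsize' => [8, 48]];

function parse_captcha_param(string $raw): ?array
{
    // Strict mode rejects any character outside the base64 alphabet.
    $bytes = base64_decode($raw, true);
    if ($bytes === false || strlen($bytes) > 1024) {
        return null;
    }
    // allowed_classes => false turns any serialized object into __PHP_Incomplete_Class,
    // so no application class is instantiated from client-supplied data.
    $data = @unserialize($bytes, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data['action'], $data['params'])) {
        return null; // a malformed string makes unserialize() return false
    }
    if (!in_array($data['action'], ALLOWED_ACTIONS, true) || !is_array($data['params'])) {
        return null;
    }
    $clean = [];
    foreach (INT_LIMITS as $key => [$min, $max]) {
        $v = $data['params'][$key] ?? null;
        if (!is_int($v) || $v < $min || $v > $max) {
            return null;
        }
        $clean[$key] = $v;
    }
    foreach (['bgcol', 'fgcol'] as $key) {
        $v = $data['params'][$key] ?? null;
        // Exactly six hex digits; the integer 1 tried in the post is rejected here.
        if (!is_string($v) || preg_match('/\A[0-9A-Fa-f]{6}\z/', $v) !== 1) {
            return null;
        }
        $clean[$key] = $v;
    }
    return ['action' => $data['action'], 'params' => $clean];
}

// Constructed inputs mirroring the post: a well-formed array and a hand-edited string.
$good = base64_encode(serialize(['action' => 'Portal.captcha', 'params' => [
    'width' => 130, 'height' => 30, 'fontsize' => 16, 'bgcol' => 'FFFFFF', 'fgcol' => '202080']]));
$bad = base64_encode('a:1:{s:5:"fgcol";s:6:&"\'{};;}}');
var_dump(parse_captcha_param($good), parse_captcha_param($bad));
```

Validation only limits what a tampered value can do. Keeping the rendering parameters on the server, or signing them, removes the client's ability to change them at all.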

XEvil Captcha Service doesn’t work in GSA SER

Hi!

I used to use XEvil Captcha Service connected to GSA SER. Then I reinstalled a new Windows on my PC and as a result can’t get GSA SER working now. I’ve been testing GSA with XEvil for connection (responding) and correct work – everything seems good. But when I start the project – the captcha service doesn’t resolve (there is no resolved or failed result, nothing changes in the “captcha cell”).

XEvil Captcha Service is working correctly with Xrumer. Proxies in GSA are also working (private ones).
Log is running, but no submissions are done.

What could be the problem? 

Thanks.

Problem with captcha

Does anyone know why I’m getting this error when using Xevil for captcha service:
12/16/2019 6:12:48 PM: GET /res.php?key=GSA&action=get&id=303
12/16/2019 6:12:48 PM: id = 303
12/16/2019 6:12:48 PM: text = CAPCHA_NOT_READY
12/16/2019 6:12:49 PM: GET /res.php?key=GSA&action=get&id=300
12/16/2019 6:12:49 PM: id = 300
12/16/2019 6:12:49 PM: text = CAPCHA_NOT_READY
12/16/2019 6:12:49 PM: GET /res.php?key=GSA&action=get&id=284
12/16/2019 6:12:49 PM: id = 284
12/16/2019 6:12:49 PM: text = ERROR_CAPTCHA_UNSOLVABLE
12/16/2019 6:12:49 PM: GET /res.php?key=GSA&action=get&id=308
12/16/2019 6:12:49 PM: id = 308
12/16/2019 6:12:49 PM: text = CAPCHA_NOT_READY
12/16/2019 6:12:49 PM: GET /res.php?key=GSA&action=get&id=302
12/16/2019 6:12:49 PM: id = 302
That is Xevil log. Everything was working fine and for some reason after I updated GSA, the antivirus started to give warnings and this started to happen.