If I visit the link http://mega.1280.com/file/EKOZKE/, enter the captcha code and click the Download button, I can download the file.
I wonder if I can submit the form without clicking the 'Download' button? I mean typing the captcha code directly on the address bar and hit Enter?
I try http://mega.1280.com/file/EKOZKE/?code_security=xxxxxx where 'code_security' is the name of the textbox of the captcha code but it failed. Any ideas?
The form has a POST method. You can't emulate a POST request with a different url, that's what GET requests do.
Even if the server doesn't check the method of the request, you still have to provide every mandatory data. If you look at what is sent by the form, you'll see there are 3 other parameters (action, btn_download, file_id), and more importantly several cookies that the server need to recover your php session (PHPSESSID), which is in turn needed to match your security_code with the provided CAPTCHA.
Bottom line: you can emulate the request, but not by submitting a simple GET request. You have to use a real user agent, one that is able to send post requests and handle cookies.
...But of course, that's exactly what CAPTCHA are here to prevent you to do :-).
edit: to reply to your comment "I just want to find out the technique that this website use to submit form." :
This website doesn't submit the form, actually. It's your browser that submits the form, and it does so by conforming to HTML and HTTP standards. On the webpage, the form is coded
<form name="frm_download" method="post" action="">
So when you click on the "submit" button, your browser collects all the data from the inputs (text, hidden, whatever) and sends a HTTP POST request to the same url that the form originated from, with a bunch of HTTP headers (including a Cookie header that contains all the stored cookies information attached to this server domain) and a body containing the form data : a list of key/value pairs.
The server receives the request. It can check that it's actually a POST request. It can and will retrieve all submitted pairs of data (parameters). It can retrieve the cookies, and will do so to restore your php session. It will then compare your security_code parameter with the correct data stored in your php session. If the CAPTCHA matches, then it will send you a response containing the file pointed by your file_id parameter.