Exploit-DB Captcha Bypass

From: Rahul Pratap Singh <techno.rps@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Exploit-DB Captcha Bypass
Date:


## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

----------------------------------------
Description:
----------------------------------------
Exploit-DB implemented a weak captcha which could be cracked easily.

----------------------------------------
POC:
----------------------------------------
https://www.youtube.com/watch?v=Zb-RfYNqLKQ

Vulnerability Disclosure Timeline:
→ March 19, 2016  – Bug discovered, initial report to Offensive Security
Team
→ March 23, 2016  – No Response. Bug Patched, Google Re-Captcha Implemented
→ March 23, 2016  – Email sent again for update
→ March 23, 2016  – Vendor Response. Captcha Bypass not a security Issue

Thanks to Debasish Mandal for the original script.

Pub Ref:
https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.