BugTraq
Exploit-DB Captcha Bypass May 01 2016 11:32AM
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

----------------------------------------
Description:
----------------------------------------
Exploit-DB implemented a weak captcha which could be cracked easily.

----------------------------------------
POC:
----------------------------------------
https://www.youtube.com/watch?v=Zb-RfYNqLKQ

Vulnerability Disclosure Timeline:
- March 19, 2016 - Bug discovered, initial report to Offensive Security Team
- March 23, 2016 - No Response. Bug Patched, Google Re-Captcha Implemented
- March 23, 2016 - Email sent again for update
- March 23, 2016 - Vendor Response. Captcha Bypass not a security Issue

Thanks to Debasish Mandal for the original script.

Pub Ref:
https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked

