Bugtraq mailing list archives

Exploit-DB Captcha Bypass

From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Sun, 1 May 2016 17:02:43 +0530

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

----------------------------------------
Description:
----------------------------------------
Exploit-DB implemented a weak captcha which could be cracked easily.

----------------------------------------
POC:
----------------------------------------
https://www.youtube.com/watch?v=Zb-RfYNqLKQ

Vulnerability Disclosure Timeline:
→ March 19, 2016  – Bug discovered, initial report to Offensive Security
Team
→ March 23, 2016  – No Response. Bug Patched, Google Re-Captcha Implemented
→ March 23, 2016  – Email sent again for update
→ March 23, 2016  – Vendor Response. Captcha Bypass not a security Issue

Thanks to Debasish Mandal for the original script.

Pub Ref:
https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Exploit-DB Captcha Bypass Rahul Pratap Singh (May 02)