Exploit-DB Captcha Cracked

Note:
I am looking for a job in information security domain. Any lead or link is highly appreciable.

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

—————————————-
Description:
—————————————-
Exploit-DB implemented a weak captcha which could be cracked easily.

—————————————-
POC:
—————————————-

Vulnerability Disclosure Timeline:
→ March 19, 2016  – Bug discovered, initial report to Offensive Security Team
→ March 23, 2016  – No Response. Bug Patched, Google Re-Captcha Implemented
→ March 23, 2016  – Email sent again for update
→ March 23, 2016  – Vendor Response. Captcha Bypass not a security Issue

Thanks to Debasish Mandal for the original script.

Advertisements

4 thoughts on “Exploit-DB Captcha Cracked

  1. Good job you did there. But there’s one thing I don’t understand with cracking captchas since capchas are renewed with each new request to the page protected with captcha. Does that mean your search get request to the server can be automated? I would also like a download link to the python script. Thank you.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s