Amazon Captcha Cracked

Note:
I am looking for a job in information security domain. Any lead or link is highly appreciable.

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : http://www.amazon.com
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

—————————————-
Description:
—————————————-
Amazon has implemented a weak captcha which could be cracked easily.

—————————————-
POC:
—————————————-

Vulnerability Disclosure Timeline:
→ March 28, 2016  – Bug discovered, initial report to Amazon Security Team
→ March 29, 2016  – Vendor Response. Case number assigned.
→ March 31, 2016  – Vendor Response. Weak captcha is intentional. Have additional                                                    controls in place to detect and respond to this type of issue.
→ March 31, 2016  – No Fix.

Thanks to Debasish Mandal for the original script.

Advertisements

Exploit-DB Captcha Cracked

Note:
I am looking for a job in information security domain. Any lead or link is highly appreciable.

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

—————————————-
Description:
—————————————-
Exploit-DB implemented a weak captcha which could be cracked easily.

—————————————-
POC:
—————————————-

Vulnerability Disclosure Timeline:
→ March 19, 2016  – Bug discovered, initial report to Offensive Security Team
→ March 23, 2016  – No Response. Bug Patched, Google Re-Captcha Implemented
→ March 23, 2016  – Email sent again for update
→ March 23, 2016  – Vendor Response. Captcha Bypass not a security Issue

Thanks to Debasish Mandal for the original script.