| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5725E95B.9000607@gmail.com>
Date: Sun, 1 May 2016 17:02:43 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: bugtraq@...urityfocus.com
Subject: Exploit-DB Captcha Bypass
## FULL DISCLOSURE
#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016
----------------------------------------
Description:
----------------------------------------
Exploit-DB implemented a weak captcha which could be cracked easily.
----------------------------------------
POC:
----------------------------------------
https://www.youtube.com/watch?v=Zb-RfYNqLKQ
Vulnerability Disclosure Timeline:
→ March 19, 2016 – Bug discovered, initial report to Offensive Security
Team
→ March 23, 2016 – No Response. Bug Patched, Google Re-Captcha Implemented
→ March 23, 2016 – Email sent again for update
→ March 23, 2016 – Vendor Response. Captcha Bypass not a security Issue
Thanks to Debasish Mandal for the original script.
Pub Ref:
https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists