## FULL DISCLOSURE #Exploit Author : Rahul Pratap Singh #Home page Link : https://www.exploit-db.com/ #Website : https://0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 1/5/2016 ---------------------------------------- Description: ---------------------------------------- Exploit-DB implemented a weak captcha which could be cracked easily. ---------------------------------------- POC: ---------------------------------------- https://www.youtube.com/watch?v=Zb-RfYNqLKQ Vulnerability Disclosure Timeline: → March 19, 2016 – Bug discovered, initial report to Offensive Security Team → March 23, 2016 – No Response. Bug Patched, Google Re-Captcha Implemented → March 23, 2016 – Email sent again for update → March 23, 2016 – Vendor Response. Captcha Bypass not a security Issue Thanks to Debasish Mandal for the original script. Pub Ref: https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked
Attachment:
signature.asc
Description: OpenPGP digital signature
