Broken Authentication - Captcha Bypass
Summary
Hi, my name is Rohmad and I’m a Bug Hunter from Indonesia. In this article I will share my experience of how I managed to bypass captcha on a website.
Description
Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Which is a test designed to differentiate between real humans and computer bots. Typically, Captchas ask users to type text displayed in an image, solve a jigsaw puzzle, or even perform a specific task such as identifying all images with traffic in them.
Proof of Concept
1. Log in and enter your credentials, then check the ReCAPTCHA.
2. Enable Intercept in Burpsuite and FoxyProxy, then Sign in.
3. Go to Burpsuite and Forward until this section.
Then delete the &g-recaptcha-response=blablabla parameter.
4. Right click > Do intercept > Response this request, Forward to this section.
5. Turn off Intercept in Burpsuite and go to your Browser, it will automatically redirect to your account or reload the page.
Impact
1. Brute Force attacks on user accounts.
2. DDoS attacks.
If the developer has not provided a limit for Login/Register attempts, this vulnerability can slow down the service and can overload the server resulting in the website being inaccessible.
