Twitter: Captcha bypass with extension at http://www.mopub.com/about/contact/

2014-06-04T08:13:25
ID H1:15047
Type hackerone
Reporter vineet
Modified 2014-09-22T11:44:52

Description

Hello,

These days captchas are one of the most vulnerable methods to protect the website from bots, but there is an extension named Rumola which automatically fills in the captcha while we fill in other credentials like email etc. Here a vulnerability arises: bots may use this extension script in their interface to bypass the captcha check. It may lead to flooding in the database too.

As a possible fix, you can replace the captcha check with: 1) a honeypot trap, 2) a simple task, or 3) a skill-testing question.

Thanks,

Vineet
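
The honeypot trap suggested in the report, sketched as a server-side check for a contact form. This is an added example, not code from the report or from the affected site. It goes one step beyond the report by pairing the decoy field with a signed render-time token so that instant submissions are also rejected; the field names `website` and `form_token`, the secret and the time limits are all assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, kept server-side
HONEYPOT_FIELD = "website"        # hypothetical decoy input, hidden from humans via CSS
MIN_FILL_SECONDS = 3              # assumption: a person needs at least this long
MAX_FORM_AGE = 3600               # assumption: rendered forms expire after an hour


def _sign(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_form_token(now=None) -> str:
    """Value for a hidden field, generated when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def check_submission(form: dict, now=None):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    now = time.time() if now is None else now
    # Humans never see the decoy field, so any value in it indicates automation.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot_filled"
    # The token proves the form was rendered by this server and records when.
    ts, _, sig = form.get("form_token", "").partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad_token"
    if not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False, "bad_token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return False, "too_fast"
    if age > MAX_FORM_AGE:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions: one plausible human, one form-filling bot.
    token = issue_form_token(now=1000)
    human = {"email": "a@example.com", "message": "hi", "website": "", "form_token": token}
    bot = dict(human, website="http://spam.example")
    print(check_submission(human, now=1010))  # accepted
    print(check_submission(bot, now=1010))    # rejected by the decoy field
```

Rejected submissions are best dropped silently with the same response a successful post gets, so an automated client gets no signal about which check it tripped.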