hackerone Vineet H1:15047
History Jun 04, 2014 - 8:13 a.m.

X (Formerly Twitter): Captcha bypass with extension at http://www.mopub.com/about/contact/

2014-06-04 08:13:25
vineet
hackerone.com
6

Hello,

These days captchas are one of the most vulnerable methods to protect the website from bots, but there is an extension named Rumola which automatically fills in the captcha while we fill in other credentials like email etc. Here a vulnerability arises that bots may use this extension script in their interface to bypass the captcha check. It may lead to flooding in the database too.

As a possible fix, you can replace the captcha check with: 1) a honeypot trap, 2) a simple task, or 3) a skill-testing question.

Thanks

Vineet