Google reCAPTCHA bypass on Indeed

Hi Guys,

Bug type : Broken authentication 

Category : Broken authentication and privilege escalation

OWASP Link :

Company : Indeed

Description of the vulnerability :
Indeed has implemented Google reCAPTCHA in the forum for new topics and comments. The implementation was vulnerable: the same Google reCAPTCHA code could be reused every time. Basically, an old reCAPTCHA code could be used to send a request, and the server was accepting any Google reCAPTCHA code.
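A server-side check that rejects the replay described above, next to a sketch of the accepting behaviour. This is an added example, not Indeed's code and not from the original post; `fake_siteverify`, `CaptchaGate`, the hostname and the sample tokens are constructed assumptions, with the fake standing in for the HTTPS call to Google's `siteverify` endpoint so the block runs offline.

```python
import hashlib
import time

EXPECTED_HOSTNAME = "forum.example.test"  # assumption: host the widget is served on
TOKEN_LIFETIME = 120  # seconds; a reCAPTCHA response token is valid for two minutes

# Constructed sample data: tokens the CAPTCHA service issued, and for which host.
ISSUED = {"tok-A": EXPECTED_HOSTNAME, "tok-B": "other.example.test"}


def fake_siteverify(token):
    """Offline stand-in for the siteverify HTTPS call (hypothetical helper).

    Returns a dict shaped like the siteverify JSON. It deliberately does not
    reject duplicates, so the gate below has to catch replays by itself.
    """
    return {"success": token in ISSUED, "hostname": ISSUED.get(token)}


def vulnerable_allow(token):
    """Behaviour described in the post: any submitted code is accepted."""
    return bool(token)


class CaptchaGate:
    """Accept a token only if it verifies, matches our host, and is unused."""

    def __init__(self, siteverify, now=time.time):
        self.siteverify = siteverify
        self.now = now
        self.seen = {}  # sha256(token) -> time after which it can be forgotten

    def allow(self, token):
        if not token:
            return False
        t = self.now()
        # Forget tokens past their lifetime; the real service rejects those itself.
        self.seen = {d: exp for d, exp in self.seen.items() if exp > t}
        digest = hashlib.sha256(token.encode()).hexdigest()
        if digest in self.seen:
            return False  # replay of a token already submitted
        self.seen[digest] = t + TOKEN_LIFETIME  # burn it before verifying
        result = self.siteverify(token)
        return result.get("success") is True and result.get("hostname") == EXPECTED_HOSTNAME
```

In a multi-server deployment the `seen` map would have to live in a shared store, otherwise a token burned on one node can still be replayed against another.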

Video POC Link :

Hall of fame :

Reward : 200$

