Google re-captcha bypass on indeed

Hi Guys,

Bug type : Broken authentication 

Category : Broken authentication and privilege escalation

OWASP Link : https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Company : Indeed

Description of the vulnerability :
Indeed has implemented Google recaptcha in the forum for new topics and comments.It was vulnerable and same google code could be used for each time.Basically old google code could be used to send a request and server was accepting any google re captcha code.

VIdeo POC Link :

Hall of fame : https://bugcrowd.com/indeed/hall-of-fame

Reward : 200$



Comments

Popular posts from this blog

Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR)

Add Credit Card to Any Uber account Through eats.uber.com(CSRF)

XSS+CSRF attack in Tagged using Redirect parameter(Open URL Redirection attack Possible)