Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Google IP4 Captcha Hijacking
- POC (proof of concept): http://viper-7.com/08vbvz/5.6.10?
- Reproduction steps:
- 1.make an html file
- 2.use file arbitrary method
- 3.bypass captcha
- Browser/OS: Any
- Attack scenario: Could Bypass Google Captcha by using below method !
- <form id="frmCaptcha" name="frmCaptcha">
- <table >
- <tr>
- <td align="left" >
- <label for="captcha">Captcha</label>
- </td>
- <td>
- <input id="txtCaptcha" type="text" name="txtCaptcha" value="" maxlength="10" size="32" />
- </td>
- <td>
- <img id="imgCaptcha" src="https://ipv4.google.com/sorry/image?" />
- </td>
- </tr>
- <tr>
- <td> </td>
- <td>
- <input id="btnCaptcha" type="button" value="Captcha Test" name="btnCaptcha"
- onclick="getParam(document.frmCaptcha)" />
- </td>
- </tr>
- </table>
- <div id="result"> </div>
- </form>
- </body>
Add Comment
Please, Sign In to add comment