I don’t really look for captcha bypass, but this one specified that if a captcha bypass is found it will be rewarded.
So I started looking for the most common places where captcha can be found like signup, login and password reset pages. The one I found was on the sign-in page.
As you can see the sign-in button is disabled and is only enabled after we check I’m not a robot. Since it was disabled, I quickly right-clicked on the button and clicked Inspect Element and changed the disabled parameter to enabled.
The button was now enabled and I could click to sign in.
So I entered the email and password and I was logged in without clicking on I’m not a robot. CAPTCHA BYPASSED
I was still curious what the request looked like, so I opened Burp Suite and looked at the request and noticed that the server didn’t check for captcha’s response in the first place. I could simply remove the captcha-response and send it and it redirected me to the dashboard.
There was no need for me to enable the button, I just had to look at the request and remove the captcha response.
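The root cause described above, as an added example that is not part of the original post or the target's code: a sign-in handler that never reads the captcha-response field, next to one that fails closed when the field is missing or invalid. The handler names, status codes, sample account and the `verify_captcha` stand-in for the CAPTCHA provider's server-side check are all assumptions.

```python
import hmac

# Constructed sample data; plaintext password only to keep the example short.
USERS = {"alice@example.com": "correct horse"}
# Constructed stand-in for the provider's record of solved challenges.
SOLVED_TOKENS = {"tok-solved-1"}


def verify_captcha(token):
    """Hypothetical stand-in for the provider's server-side verification call."""
    return token in SOLVED_TOKENS


def check_credentials(form):
    expected = USERS.get(form.get("email", ""))
    supplied = form.get("password", "")
    return expected is not None and hmac.compare_digest(
        expected.encode(), supplied.encode()
    )


def login_vulnerable(form):
    # Mirrors the behaviour in the post: captcha-response is never consulted,
    # so the disabled button in the browser is the only "control".
    return 302 if check_credentials(form) else 401


def login_hardened(form, verifier=verify_captcha):
    token = form.get("captcha-response")
    # Fail closed: a missing, empty or non-string token is rejected on the
    # server before the credentials are even looked at.
    if not isinstance(token, str) or not token or not verifier(token):
        return 403
    return 302 if check_credentials(form) else 401


if __name__ == "__main__":
    stripped = {"email": "alice@example.com", "password": "correct horse"}
    print("vulnerable, field removed:", login_vulnerable(stripped))
    print("hardened, field removed:  ", login_hardened(stripped))
    full = dict(stripped, **{"captcha-response": "tok-solved-1"})
    print("hardened, valid token:    ", login_hardened(full))
```
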
I made a quick POC, sent it to the security team and within a day they replied.
I had read previous reports like this in the past to bypass captcha, but to find one was great. Hope you learned something from this and if you liked it then please do share and 👏.