Captcha bypass in Metinfo Version <=5.3.17

There is a captcha bypass in metinfo version <=5.3.17

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.

Firstly visit http://account.metinfo.cn/login/findpass/

It is the official demo of the metinfo.

fill in the information and proxy via burpsuite.

The same captcha can be use many times in 120seconds and the other captcha of metinfo has the same problem

 

> [Discoverer]
> Lncken

Use CVE-2017-11717.

Reply