JEE Mains results just get out few days ago and all the JEE Advance eligible candidates starts filling up registration forms but know one tried to look for the security vulnerability present in the portal.
Hi, I am Chirag Sukhla, Cyber Security enthusiast and JEE aspirant. While I was about to login in the JEE portal I start scratching that part of my brain which forced me to look at the source code and find the captcha bypass vulnerability, present in the portal.
A P.O.C (Point of concept) Video & Steps is attached below.
[youtube id=”NPz7WGKMUP4″ width=”600″ height=”340″ position=”left”]
you can clearly see in above image that captcha value is present in text in URL query.
opening the image URL in new tab will look like
Captcha is an essential security parameter to prevent brute-forcing attack, and I didn’t expected IIT JEE Advance portal to left behind this major security vulnerability.
Maybe this is not that major vulnerability for N.I.C (National Infomatic Centre) but this is motivation for security researchers to look for other major vulnerability that may be present there.
lame joke about JEE Advance captcha:
Kids solve captcha,
Men use scripts to solve captcha,
Legends just bypass captcha.
Do Share, Comment, because sharing is caring. 🙂