Ticket Information - ID: #1240
ID: | Category: | Severity | Reproducibility | Date Submitted | Updated By: |
---|---|---|---|---|---|
0001240 | Bug Reporting | normal | always | 11/27/22 06:38PM | Jerl |
Summary: | Login Captcha Bypass |
Description: | You're able to bypass the login captcha and any rate limiting on that form by manually setting the pass_hash and user_id headers. You can use the "/index.php?page=account&s=profile&uname=USERNAME" to get the user_id from the username and then you can calculate the pass hash yourself. You can then just send a request to any other page and check the Set-Cookie headers to see if the login succeeds or fails. |
Additional Info: | Since this is a bug inherent with using pass_hash for an auth cookie, I don't expect this to be easy to fix. |
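
One way to close the gap the ticket describes, as an added sketch that is not the site's own code: the cookie carries a random session token issued only after the captcha-protected login form succeeds, and failed cookie checks are throttled per client. `SessionStore`, the client key (for example the source IP), and the TTL and threshold values are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600     # seconds a session stays valid (assumed value)
MAX_FAILURES = 5       # bad cookies tolerated per client per window (assumed)
FAILURE_WINDOW = 300   # seconds (assumed)


class SessionStore:
    """In-memory stand-in for a sessions table (hypothetical)."""

    def __init__(self, now=time.time):
        self._sessions = {}  # sha256(token) -> (user_id, expires_at)
        self._failures = {}  # client key -> timestamps of failed cookie checks
        self._now = now

    def issue(self, user_id):
        """Call only after password and captcha both passed on the login form."""
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the password
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._sessions[digest] = (user_id, self._now() + SESSION_TTL)
        return token  # goes into the cookie; only its hash is stored

    def _throttled(self, client):
        cutoff = self._now() - FAILURE_WINDOW
        recent = [t for t in self._failures.get(client, []) if t > cutoff]
        self._failures[client] = recent
        return len(recent) >= MAX_FAILURES

    def authenticate(self, client, user_id, token):
        """True only for a live token issued to user_id; failures are counted."""
        if self._throttled(client):
            return False  # cookie checks get the same limit as the login form
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._sessions.get(digest)
        ok = entry is not None and entry[0] == user_id and entry[1] > self._now()
        if not ok:
            self._failures.setdefault(client, []).append(self._now())
        return ok

    def revoke_user(self, user_id):
        """Drop every session for a user, e.g. on password change."""
        self._sessions = {d: e for d, e in self._sessions.items() if e[0] != user_id}
```

Because the token is random and stored server-side, a value computed from a guessed password never validates, and a password change can revoke existing cookies.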