Captcha Bypass -> Not Expiring After Use
CAPTCHA is a type of challenge–response test used in computing to determine whether the user is human or a bot. A solved captcha is meant to be used once, so if the captcha is misconfigured, we may be able to reuse it several times.
Exploitation
Let’s enter the answer and intercept the request in Burp Suite.
We will forward the request and send a copy of it to Burp Repeater so that we can reuse it.
Now we have used the captcha to access this page.
We will go back to Burp Repeater and try to reuse the captcha. A captcha is meant to be used once, so if it is misconfigured, we may be able to reuse it several times.
As you can see, we were able to reuse the captcha.
We can use null payloads in Burp Intruder to send any number of requests we want with the solved captcha.
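The server-side fix for the reuse shown above is to consume the challenge on its first verification. The sketch below is an added example, not code from the original post; the class and function names, the sample answer, and the in-memory dictionary standing in for session storage are assumptions.

```python
import hmac
import secrets
import time


class ReusableCaptchaStore:
    """Misconfigured: a solved challenge stays valid after it is verified."""

    def __init__(self):
        self._answers = {}

    def issue(self, answer):
        cid = secrets.token_urlsafe(16)
        self._answers[cid] = answer
        return cid

    def verify(self, cid, response):
        expected = self._answers.get(cid)  # never removed, so replays pass
        return expected is not None and hmac.compare_digest(
            expected.encode(), response.encode())


class SingleUseCaptchaStore:
    """Hardened: each challenge is consumed on first use and has a TTL."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._answers = {}
        self._ttl = ttl_seconds
        self._clock = clock

    def issue(self, answer):
        cid = secrets.token_urlsafe(16)
        self._answers[cid] = (answer, self._clock() + self._ttl)
        return cid

    def verify(self, cid, response):
        # pop() deletes the challenge on the first attempt, right or wrong,
        # so a captured request cannot be replayed and answers cannot be guessed.
        entry = self._answers.pop(cid, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False
        return hmac.compare_digest(expected.encode(), response.encode())


def replay(store, attempts=5):
    """Submit the same solved captcha several times; return each result."""
    cid = store.issue("x7k2p")  # constructed sample answer
    return [store.verify(cid, "x7k2p") for _ in range(attempts)]
```

With the misconfigured store every replay is accepted; with the single-use store only the first submission passes and the client must request a fresh challenge.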