Captcha image in new tab

Security Vulnerability found in IIT – Jee Advance Portal

JEE Advance IIT Hacked
JEE Advance IIT Hacked

JEE Mains results just get out few days ago and all the JEE Advance eligible candidates starts filling up registration forms but know one tried to look for the  security vulnerability present in the portal.

Hi, I am Chirag Sukhla, Cyber Security enthusiast and JEE aspirant. While I was about to login in the JEE portal I start scratching that part of my brain which forced me to look at the source code and find the captcha bypass vulnerability, present in the portal.

A  P.O.C (Point of concept) Video & Steps is attached below.


Jee Adv Portal with Captcha
JEEAdv Portal with Captcha


JEE Advance portal source code, highlighting captcha image
JEE Advance portal source code, highlighting captcha image

you can clearly see in above image that captcha value is present in text in URL query.

opening the image URL in new tab will look like

Captcha image in new tab
Captcha image in new tab, URL query containing captcha value
Captcha image in new tab
changing the query change the captcha



Captcha is an essential security parameter to prevent brute-forcing attack, and I didn’t expected IIT JEE Advance portal to left behind this major security vulnerability.

Maybe this is not that major vulnerability for N.I.C (National Infomatic Centre) but this is motivation for security researchers to look for other major vulnerability that may be present there.


lame joke about JEE Advance captcha:

Kids solve captcha,

Men use scripts to solve captcha,

Legends just bypass captcha.


Do Share, Comment, because sharing is caring. 🙂

Leave a Reply