Payroll Helpdesk, serving several prestigious companies
Ascent Consulting Services Pvt. Ltd.
There were validation flaws in the GET request parameters sent to the CAPTCHA image-generating PHP script on the portal.
This allowed an attacker to trick the app into generating any number of characters, consuming processing power.
It had a timeout after 30 seconds (too much) and generated an error message with the full path of the PHP file.
It also worked on an older, unpatched version of OpenSSL.
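As an added illustration (not the portal's code), the sketch below shows how a CAPTCHA image script can close the three issues described above: it bounds the character count, shortens the execution limit, and keeps error details out of the response. The parameter name `len`, the bounds, the session key and the 2-second limit are assumptions chosen for the example; it relies on PHP's GD extension.

```php
<?php
declare(strict_types=1);

// Errors go to the server log, never to the client (no file paths in responses).
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Rendering a short CAPTCHA takes milliseconds; 2 s is an assumed ceiling.
set_time_limit(2);

set_exception_handler(function (Throwable $e): void {
    error_log('captcha: ' . $e->getMessage());
    http_response_code(500);   // generic failure, no details
    exit;
});

/** Return the GET parameter as an int within [min, max], else the default. */
function bounded_int(array $query, string $name, int $default, int $min, int $max): int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return $default;       // missing, or an array such as ?len[]=1
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

// 'len' is a hypothetical parameter name; out-of-range values fall back to 6.
$length = bounded_int($_GET, 'len', 6, 4, 8);

// Build the challenge from an unambiguous alphabet with a CSPRNG.
$alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
$code = '';
for ($i = 0; $i < $length; $i++) {
    $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
}

session_start();
$_SESSION['captcha'] = $code;  // assumed session key, checked on form submit

// Fixed image size: nothing about the canvas is taken from the request.
$img = imagecreatetruecolor(160, 50);
imagefill($img, 0, 0, imagecolorallocate($img, 255, 255, 255));
imagestring($img, 5, 20, 17, $code, imagecolorallocate($img, 0, 0, 0));

header('Content-Type: image/png');
header('Cache-Control: no-store');
imagepng($img);
```

Where the form never needs a variable length, dropping the parameter and hard-coding the count removes the input entirely.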