MoBiC-06: itua.info CAPTCHA bypass

22:54 06.11.2007

The next participant of the project is the captcha at itua.info, which is used in the subscribe form on every news page of the site.

This captcha is vulnerable to two bypass methods. I found these Insufficient Anti-automation holes on 16.10.2007.

1. Code guessing bypass method.

The captcha uses a simple, constant algorithm for image generation: the code on the image is 111 less than the value of the t parameter. So it is easy for a program to work out the code needed for the current captcha.

2. MustLive CAPTCHA bypass method.

To bypass it, you need to use the same skod and iskod values many times (for every post), with a new email for every post. This is my own CAPTCHA bypass method.

Insufficient Anti-automation:

itua.info CAPTCHA bypass.html

This exploit is for educational purposes only.

Moral: never make such unreliable captchas.
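
As an added example (not part of the original post and not itua.info's code), here is a server-side captcha check that closes both holes described above: the code is random and cannot be computed from any client-visible parameter, and each challenge is accepted at most once. The class, method and parameter names are hypothetical, and the five-minute lifetime is an assumed value.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 300  # seconds a challenge stays valid (assumed value)


class CaptchaStore:
    """Server-side challenge store; all names here are hypothetical."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # token -> (expected_code, expiry)

    def issue(self):
        """Create a challenge. Only the token is sent to the client."""
        # The token is random, so the code cannot be derived from it
        # (contrast with method 1, where the code is t minus 111).
        token = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[token] = (code, self._now() + CHALLENGE_TTL)
        return token, code  # code is used only to render the image

    def verify(self, token, answer):
        """Check an answer. The challenge is consumed on the first attempt,
        right or wrong, so a solved pair cannot be replayed (method 2)."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return False  # unknown, already used, or never issued
        code, expiry = entry
        if self._now() > expiry:
            return False  # too old
        # Constant-time comparison of expected and submitted code.
        return hmac.compare_digest(code.encode(), answer.encode())
```

Because the challenge is removed from the store before the answer is compared, a failed guess also burns the token, which limits guessing to one try per issued image.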

