MoBiC-07: mt-scode CAPTCHA bypass

22:48 07.11.2007

Next participant of the project is mt-scode. It is captcha anti-spam plugin for Movable Type (with port for Drupal). This is popular plugin which is using at many sites. So there are many thousands of sites which are in risk with this plugin.

This captcha is vulnerable to MustLive CAPTCHA bypass method. This Insufficient Anti-automation hole I found 25.10.2007.

For bypassing you need to use the same code and scode values many times (for every post). This is classic MustLive CAPTCHA bypass method.

Insufficient Anti-automation:

mt-scode CAPTCHA bypass.html

This exploit for educational purposes only.

You need to setup exploit to test it (set site’s URL and others data). If you want to test it immediately, here is online example.

I found this hole at which is using mt-scode.

Insufficient Anti-automation: CAPTCHA bypass.html

Guys not overdo with this Captcha bypass test. Not post too much at this site. This exploit for educational purposes only.

Moral: never make such vulnerable captchas.

2 відповідей на “MoBiC-07: mt-scode CAPTCHA bypass”

  1. sevgi каже:

    thank you for sharing

  2. MustLive каже:


    You are welcome.

Leave a Reply

You must be logged in to post a comment.