MoBiC-07: mt-scode CAPTCHA bypass
22:48 07.11.2007Next participant of the project is mt-scode. It is captcha anti-spam plugin for Movable Type (with port for Drupal). This is popular plugin which is using at many sites. So there are many thousands of sites which are in risk with this plugin.
This captcha is vulnerable to MustLive CAPTCHA bypass method. This Insufficient Anti-automation hole I found 25.10.2007.
For bypassing you need to use the same code and scode values many times (for every post). This is classic MustLive CAPTCHA bypass method.
Insufficient Anti-automation:
This exploit for educational purposes only.
You need to setup exploit to test it (set site’s URL and others data). If you want to test it immediately, here is online example.
I found this hole at blogs.nature.com which is using mt-scode.
Insufficient Anti-automation:
blogs.nature.com CAPTCHA bypass.html
Guys not overdo with this Captcha bypass test. Not post too much at this site. This exploit for educational purposes only.
Moral: never make such vulnerable captchas.
Середа, 09:59 20.10.2010
thank you for sharing
Середа, 20:15 20.10.2010
sevgi
You are welcome.