MoBiC-30: ESP-PIX CAPTCHA bypass

22:53 30.11.2007

Next participant of the Month of Bugs in Captchas project is ESP-PIX captcha. This is advanced type of captchas where instead of typing letters and numbers, human need to recognize what object is common in a set of images. It was the first example of a captcha based on image recognition. And it’s recommended by www.captcha.net.

It is advanced captcha which can’t be bypassed by OCR, but it can be bypassed using my method. This captcha is vulnerable for MustLive CAPTCHA bypass method. This Insufficient Anti-automation hole I found 13.09.2007.

For bypassing captcha you need to use the same tag and words values many times (for every post). This is classic MustLive CAPTCHA bypass method, which easily bypass such advanced captchas.

Insufficient Anti-automation:

ESP-PIX CAPTCHA bypass.html

This exploit for educational purposes only.

Moral: never make such unreliable captchas.

P.S.

Tomorrow I will total the project’s results.


Leave a Reply

You must be logged in to post a comment.