Bugtraq @ SNSecurity wrote:
Quick Summary:
************************************************************************
Product : Movilnet's Web SMS.
Version : In-production versions.
Vendor : Movilnet - http://www.movilnet.com.ve/
Class : Remote
Criticality : High
Operating System(s) : N/A.
[snip]
A first-impact proof of concept is to use ImageMagick tools with gocr to get a good image. I've used color levels input: 31 0.11 160 (you can use GIMP too to see the effects) to get a white background and a black (or mostly black :P) foreground. Later I used gocr with djpeg in a pipe (see gocr -h to understand better) and I obtained the famous number. I've already written a Perl program to send SMS to cantv mobiles, and it is not so hard to implement these last operations, but this latest version is not public because I made it for myself.

Proof Of Concept Status
************************************************************************
No proof of Concept will be released until the provider has sorted out the issue.
Good work to the advisors. But I think that everyone who has a not-so-insane mind can understand the CanTv stupidity of this captcha implementation.

Credits
************************************************************************
This vulnerability was discovered by Ruben Recabarren and Leandro Leoncini at SNSecurity's Research Lab.