| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Mar 2006 01:10:45 +0200 From: raven <locrideweb@...ero.it> To: "Bugtraq @ SNSecurity" <bugtraq@...ecurity.com> Cc: bugtraq@...urityfocus.com Subject: Re: Cantv/Movilnet's Web SMS vulnerability. Bugtraq @ SNSecurity wrote: > > Quick Summary: > ************************************************************************ > > Product : Movilnet's Web SMS. > Version : In-production versions. > Vendor : Movilnet - http://www.movilnet.com.ve/ > Class : Remote > Criticality : High > Operating System(s) : N/A. [snip] > Proof Of Concept Status > ************************************************************************ > > No proof of Concept will be released until the provider has sorted out > the > issue. A first impact Proof of Concept is to use imagemagick tools with gocr to have a good image. I've used colors level input: 31 0.11 160 (you can use gimp too to see the effects) to have a white background and black (or most like black :P) foreground. Later i've used gocr with djpeg in pipe (see gocr -h to understand better) and i've obtained the famous number. I've already writed a perl software to send sms to cantv mobiles and not is soo hard to implement this last operations, but not is public this latest version because i do for myself. > Credits > ************************************************************************ > > This vulnerability was discovered by Ruben Recabarren and Leandro > Leoncini > at SNSecurity's Research Lab. > Good work, to the advisors. But i think that everyone that have a not so insane mind can understand the CanTv stupidity of this captcha implementation.
Powered by blists - more mailing lists