Bugtraq @ SNSecurity wrote:
Quick Summary:
************************************************************************
Product : Movilnet's Web SMS.
Version : In-production versions.
Vendor : Movilnet - http://www.movilnet.com.ve/
Class : Remote
Criticality : High
Operating System(s) : N/A.
[snip]
Proof Of Concept Status
************************************************************************
No proof of Concept will be released until the provider has sorted out
the
issue.
A first impact Proof of Concept is to use imagemagick tools with gocr to
have a good image.
I've used colors level input: 31 0.11 160 (you can use gimp too to see
the effects) to have a white background and black (or most like black
:P) foreground.
Later i've used gocr with djpeg in pipe (see gocr -h to understand
better) and i've obtained the famous number.
I've already writed a perl software to send sms to cantv mobiles and not
is soo hard to implement this last operations, but not is public this
latest version because i do for myself.
Credits
************************************************************************
This vulnerability was discovered by Ruben Recabarren and Leandro
Leoncini
at SNSecurity's Research Lab.
Good work, to the advisors. But i think that everyone that have a not so
insane mind can understand the CanTv stupidity of this captcha
implementation.
