Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cantv/Movilnet's Web SMS vulnerability.

from [raven] Network Security [Permanent Link]
Subject: Re: Cantv/Movilnet's Web SMS vulnerability.
Date: Wed, 29 Mar 2006 01:10:45 +0200
Bugtraq @ SNSecurity wrote: 

Quick Summary:
************************************************************************

Product : Movilnet's Web SMS.
Version : In-production versions.
Vendor : Movilnet - http://www.movilnet.com.ve/
Class : Remote
Criticality : High
Operating System(s) : N/A.
[snip] 
Proof Of Concept Status
************************************************************************

No proof of Concept will be released until the provider has sorted out the
issue.
A first impact Proof of Concept is to use imagemagick tools with gocr to have a good image.
I've used colors level input: 31 0.11 160 (you can use gimp too to see the effects) to have a white background and black (or most like black :P) foreground.
Later i've used gocr with djpeg in pipe (see gocr -h to understand better) and i've obtained the famous number.
I've already writed a perl software to send sms to cantv mobiles and not is soo hard to implement this last operations, but not is public this latest version because i do for myself.

Credits
************************************************************************

This vulnerability was discovered by Ruben Recabarren and Leandro Leoncini
at SNSecurity's Research Lab.

Good work, to the advisors. But i think that everyone that have a not so insane mind can understand the CanTv stupidity of this captcha implementation.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  PhxContacts <= 0.93.1 beta Multiple SQL injection & xss, dabdoub-mosikar
Next by Date:  Full path disclosure in Webcalendar 1.1.0-CVS, crasher
Previous by Thread:  Cantv/Movilnet's Web SMS vulnerability., Bugtraq @ SNSecurity
Next by Thread:  Re: Re: Cantv/Movilnet's Web SMS vulnerability., rrecabarren
Indexes:  [Date] [Thread] [Top] [All Lists]