
Bugtraq: Re: Defeating audio captcha systems

From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
Date: Wed, 16 Jan 2008 01:33:34 +0300

Dear José M. Palazon Romero,

This approach is not new, it was demonstrated by ShAnKaR
<shankar_(at)_shankar.name> against Simple Machines Forum 1.1.2 in June,
2007.

See:
http://securityvulns.ru/Rdocument271.html (in Russian)
http://securityvulns.ru/files/capcha.pl (Exploit code)
http://www.securityfocus.com/archive/1/archive/1/471641/100/0/threaded

--Tuesday, January 15, 2008, 9:01:03 AM, you wrote to bugtraq_at_securityfocus.com:

JeMPR> Hi all,

JeMPR> Some days ago I wrote an advisory which demonstrates how the Peter's
JeMPR> Math Antispam Spinoff plugin for WordPress
JeMPR> (http://www.theblog.ca/math-anti-spam) can be defeated by its audio file.

JeMPR> It's hard to summarize, you better read the advisory, but in a very
JeMPR> small nutshell, the flaw is about not using any kind of distortion on
JeMPR> the audio clip, which makes it easily identifiable by a script.

JeMPR> Here is the link:

JeMPR> http://docs.google.com/View?docid=df36cd52_19xzmkwqcg

JeMPR> I'm sure you will find the advisory inspirational, as the approach is
JeMPR> applicable to many other captchas, and anti-script methods.

JeMPR> Regards

JeMPR> Jose
 

-- 
~/ZARAZA http://securityvulns.com/
Man is a mystery... I occupy myself with this mystery in order to be a man. (Dostoevsky)
Received on Jan 16 2008