josem.palazon at gmail
Jan 14, 2008, 10:01 PM
Post #1 of 1
Exploiting the SpamBam plugin for WordPress
The attached exploit demonstrates that the WordPress SpamBam plugin can
be bypassed due to relying on the client for security.
SpamBam (http://wordpress.org/extend/plugins/spambam/) by Gareth Heyes
No matter how hard you obfuscate or encrypt your code, never, under any
circumstances, rely on the client for any security aspect. Never!
How the plugin works:
It generates a pseudo-random code both on the client and the server to
generate a key.
On form submit, both key values are checked and they should match to
allow comment insertion.
How the exploit works:
It does nothing but act as a client. It parses the HTML, extracts
field with it.
There's no fix for this. It's a design flaw.
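
The design flaw described above, as an added example that is not part of the original post and is not SpamBam's code: a constructed model of a key computed on both sides, showing that the server's check confirms the key is correct but not which program computed it. The derive() function, the Server class and the field names are hypothetical.

```javascript
// Constructed model of a client-computed anti-spam key. NOT SpamBam's real
// algorithm: derive(), Server and the field names are assumptions.
const crypto = require("crypto");

// The derivation the server ships to the browser as script. Obfuscating it
// changes how it looks, not what any client that executes it computes.
function derive(seed) {
  let h = 0;
  for (const ch of seed) h = (h * 31 + ch.charCodeAt(0)) >>> 0;
  return h.toString(16);
}

class Server {
  constructor() { this.pending = new Map(); }
  // Render the comment form: the seed and the derivation both leave the server.
  renderForm() {
    const formId = crypto.randomBytes(8).toString("hex");
    const seed = crypto.randomBytes(8).toString("hex");
    this.pending.set(formId, derive(seed));
    return { formId, seed, script: derive };
  }
  // Accept only if the submitted key matches the server's own copy (single use).
  submit(formId, key) {
    const expected = this.pending.get(formId);
    this.pending.delete(formId);
    return expected !== undefined && key === expected;
  }
}

// A browser executing the page's script.
function browserClient(form) { return form.script(form.seed); }

// Any other program that received the same response. It holds exactly the
// same inputs as the browser, so the server sees an identical submission.
function nonBrowserClient(form) { return form.script(form.seed); }

function demo() {
  const server = new Server();
  const a = server.renderForm();
  const b = server.renderForm();
  const c = server.renderForm();
  return {
    browser: server.submit(a.formId, browserClient(a)),   // accepted
    other: server.submit(b.formId, nonBrowserClient(b)),  // accepted too
    replay: server.submit(a.formId, browserClient(a)),    // rejected: used
    wrongKey: server.submit(c.formId, "not-a-key"),       // rejected: mismatch
  };
}
```

The check stops replays and wrong keys, which is all it can verify; nothing in the submission is a secret the client did not receive from the server in the first place.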