Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Bugtraq: Bugtraq

Exploiting the SpamBam plugin for wordpress

 

 

Bugtraq bugtraq RSS feed   Index | Next | Previous | View Threaded


josem.palazon at gmail

Jan 14, 2008, 10:01 PM

Post #1 of 1 (593 views)
Permalink
Exploiting the SpamBam plugin for wordpress

The attached exploit demonstrates that the WordPress SpamBam plugin can
be bypassed due to relying on the client for security.

Vulnerable software:
SpamBam (http://wordpress.org/extend/plugins/spambam/) by Gareth Heyes

Vulnerability:
No matter how hard you ofuscate or encrypt your code, never, under no
circunstances, rely any security aspect on the client. Never!

How the plugin works:
It generates a pseudo-random code both on the client and the server to
generate a key.
On form submit, both key values are checked and they should match to
allow comment insertion.

How the exploit works:
It does nothing but acting as a client. It parses the html, extracts
the javascript, process it to calculate the key and fills the hidden
field with it.

Solution:
There's no fix for this. It's a design flaw.
Attachments: spambam.pl (2.80 KB)

Bugtraq bugtraq RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.