Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18864
HistoryJan 16, 2008 - 12:00 a.m.

Exploiting the SpamBam plugin for wordpress

2008-01-1600:00:00
vulners.com
16
JSON

The attached exploit demonstrates that the WordPress SpamBam plugin can
be bypassed due to relying on the client for security.

Vulnerable software:
SpamBam (http://wordpress.org/extend/plugins/spambam/) by Gareth Heyes

Vulnerability:
No matter how hard you ofuscate or encrypt your code, never, under no
circunstances, rely any security aspect on the client. Never!

How the plugin works:
It generates a pseudo-random code both on the client and the server to
generate a key.
On form submit, both key values are checked and they should match to
allow comment insertion.

How the exploit works:
It does nothing but acting as a client. It parses the html, extracts
the javascript, process it to calculate the key and fills the hidden
field with it.

Solution:
There's no fix for this. It's a design flaw.

JSON