Mailing List Archive

Exploiting the SpamBam plugin for wordpress
The attached exploit demonstrates that the WordPress SpamBam plugin can
be bypassed due to relying on the client for security.

Vulnerable software:
SpamBam ( by Gareth Heyes

No matter how hard you ofuscate or encrypt your code, never, under no
circunstances, rely any security aspect on the client. Never!

How the plugin works:
It generates a pseudo-random code both on the client and the server to
generate a key.
On form submit, both key values are checked and they should match to
allow comment insertion.

How the exploit works:
It does nothing but acting as a client. It parses the html, extracts
the javascript, process it to calculate the key and fills the hidden
field with it.

There's no fix for this. It's a design flaw.