lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 15 Jan 2008 06:01:53 +0000
From: "JosŽé M. Palazón Romero" <josem.palazon@...il.com>
To: bugtraq@...urityfocus.com
Subject: Exploiting the SpamBam plugin for wordpress

The attached exploit demonstrates that the WordPress SpamBam plugin can
be bypassed due to relying on the client for security.

Vulnerable software:
SpamBam (http://wordpress.org/extend/plugins/spambam/) by Gareth Heyes

Vulnerability:
No matter how hard you ofuscate or encrypt your code, never, under no
circunstances, rely any security aspect on the client. Never!

How the plugin works:
It generates a pseudo-random code both on the client and the server to
generate a key.
On form submit, both key values are checked and they should match to
allow comment insertion.

How the exploit works:
It does nothing but acting as a client. It parses the html, extracts
the javascript, process it to calculate the key and fills the hidden
field with it.

Solution:
There's no fix for this. It's a design flaw.


View attachment "spambam.pl" of type "text/plain" (2870 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ