Tuesday, August 14, 2007

Exploits: WordPress 2.x Plugin "Show Top Commentators"

Everyone who knows me personally knows I'm not malicious. I don't go looking for things to poke, hack, peek, or reverse engineer. I just notice things others don't right away. Ask Santa, he'll tell ya. He validates me as a hacker, and that's all you need to know.
    Yes, that's NOT Santa's direct email address, yes I DO have and HAVE corresponded with Santa, and NO, it's none of your business either! NYAH!
While hitting my friend Troy Worman's site, Orbit Now, I spotted his entry "Sidenote", which really was vague to me...and I told him so.
    I do that for my friends, because I care.
While entering my info (name, email, URL...standard WordPress stuff), my new blog URL auto-filled in the text box, so I let it fly. That's when it hit me...I've been his top commentator, per the WordPress "Show Top Commentators" plugin he got after getting info from Tony.

Before posting, I moused over my name that's showing proudly as Troy's top commentator. It showed my URL for Homeless Family's Blog, which it would, since that's what I ALWAYS used as my URL for some time. I figured it'd create a duplicate or something, showing TWO 'JohnC' members.
    It didn't.
It replaced the existing URL and put it in the value for JohnC. At this point I'm not sure if it's cookie based, which if it is means the 'identity' check is OK...but the sinister part...
    I don't care crap about the identity thing, because I just tagged a totally unknown site as Troy's #1 listed commentator there! I just got free link placement for using my head.
The bad thing...if this plugin is NOT cookie based, then ANYONE can do this to ANYONE's comment ID on a site.

Chances are it's safe to say that cookies ARE involved, which leads back to the first problem...the Top Commentator plugin can be gamed by anyone posting over time who genuinely wants to quickly divert a number of high-PR sites from a blog that's related to them to a blog that just needs them for stats.
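To make the mechanism concrete, here is an added example (my own constructed model, not the plugin's code) of a top-commentator list that keys on display name and shows whatever URL the latest comment carried, next to a version that keys on name plus email and pins the URL to the first one that identity used, plus a moderation check that reports identities whose URL has changed. The comment rows are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample of approved comments on one blog, oldest first:
# (display name, email, URL). Not real data.
COMMENTS = [
    ("JohnC", "john@example.com", "http://homeless-family.example/"),
    ("Santa", "santa@example.com", "http://santa.example/"),
    ("JohnC", "john@example.com", "http://homeless-family.example/"),
    ("JohnC", "john@example.com", "http://homeless-family.example/"),
    ("Santa", "santa@example.com", "http://santa.example/"),
    # latest comment from the same person, but with a new blog URL filled in
    ("JohnC", "john@example.com", "http://new-blog.example/"),
    # a stranger reusing the display name with a different email and URL
    ("JohnC", "someone@else.example", "http://unrelated.example/"),
]

def top_commentators_weak(comments):
    """Models the behaviour the post describes: rank by display name only
    and link to whatever URL the *latest* comment under that name carried."""
    counts = Counter(name for name, _, _ in comments)
    latest_url = {}
    for name, _, url in comments:
        latest_url[name] = url  # every new comment overwrites the link
    return [(name, n, latest_url[name]) for name, n in counts.most_common()]

def top_commentators_hardened(comments):
    """Key on (name, email) so a stranger's comments do not merge into an
    existing commentator's tally, and pin the URL to the first one that
    identity used, so a later comment cannot re-point the link."""
    counts = Counter((name, email) for name, email, _ in comments)
    first_url = {}
    for name, email, url in comments:
        first_url.setdefault((name, email), url)
    return [(name, n, first_url[(name, email)])
            for (name, email), n in counts.most_common()]

def url_changes(comments):
    """Moderation check: identities whose URL differs from their first one,
    mapped to the set of new URLs they have since submitted."""
    first_seen = {}
    flagged = defaultdict(set)
    for name, email, url in comments:
        key = (name, email)
        first_seen.setdefault(key, url)
        if first_seen[key] != url:
            flagged[key].add(url)
    return dict(flagged)
```

Pinning to the first URL means a commentator who genuinely moves blogs keeps the old link until a moderator updates it; the `url_changes` report is what that moderator would review.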
I'm JohnC, and that's the way the blog bounces.

Excuse me while I start creaming all my friends' blogs that use WordPress. I need all the help I can get.
