[wp-trac] [WordPress Trac] #11685: Search flood exploit
WordPress Trac
wp-trac at lists.automattic.com
Sat Jan 2 05:35:10 UTC 2010
#11685: Search flood exploit
--------------------------+-------------------------------------------------
Reporter: scribu | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: wontfix
Keywords: |
--------------------------+-------------------------------------------------
Comment(by Viper007Bond):
Replying to [comment:7 miqrogroove]:
> > To prevent this would require logging of page requests by IP
>
> Smaller websites often use captcha or full user registration, because
they can be implemented at the script (i.e. plugin) level.
http://blog.com/foobar requires a search of the database to try and find a
matching Page or post. You could easily just tag on random parameters and
accomplish the same thing.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11685#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list