[wp-trac] [WordPress Trac] #16370: Vulnerability: Comment posting by Guest
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 25 14:06:36 UTC 2011
#16370: Vulnerability: Comment posting by Guest
--------------------------+-----------------------------------
Reporter: igisev | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 3.0.4
Severity: normal | Keywords: comment posting guest
--------------------------+-----------------------------------
If on the "Discussion Settings" console page[[BR]]
"Users must be registered and logged in to comment" is checked,[[BR]]
then any visitor can leave comments on a site.
But if a guest knows the email and/or "display name" of any registered user, he
can leave a comment as though it were that user!
For example:[[BR]]
Admin Email is 'admin[at]myblog.com'. Admin display name is
'Administrator'.[[BR]]
The guest fills out the comment form with:[[BR]]
Name: Administrator[[BR]]
E-Mail: admin[at]myblog.com[[BR]]
and presses the "Submit Comment" button[[BR]]
[[Image(http://img838.imageshack.us/img838/3365/63231804.th.gif)]][[BR]]
Full size image: [http://img838.imageshack.us/img838/3365/63231804.gif]
As a result, the comment of the visitor and the comment of the
Administrator look absolutely identical! =/[[BR]]
[[Image(http://img193.imageshack.us/img193/274/41043977.th.gif)]][[BR]]
Full size image: [http://img193.imageshack.us/img193/274/41043977.gif]
What can you say about this? =(
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16370>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
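Added example, not part of the ticket and not WordPress core code: a small plugin that closes the gap the report describes by refusing anonymous comments whose e-mail or name belongs to a registered account. It hooks the standard `preprocess_comment` filter (which runs on every submitted comment before it is stored) and uses `is_user_logged_in()`, `email_exists()`, `$wpdb->prepare()` and `wp_die()`, all of which exist in WordPress. The `example_` function names, the plugin header and the error wording are this example's own; it also compares the submitted name against `user_login`, which goes beyond the display-name case the ticket describes.

```php
<?php
/*
Plugin Name: Reject guest comments that impersonate registered users (added example)
Description: Anonymous comments whose e-mail or name belong to a registered account are refused.
*/

// Added example, not WordPress core code. 'preprocess_comment' receives the
// comment data array for every submitted comment before it is written to the database.
add_filter( 'preprocess_comment', 'example_reject_guest_impersonation' );

function example_reject_guest_impersonation( $commentdata ) {
	// A logged-in commenter is identified by the authentication cookie, not by
	// the Name/E-Mail form fields, so only anonymous submissions are examined.
	if ( is_user_logged_in() ) {
		return $commentdata;
	}

	$email = isset( $commentdata['comment_author_email'] ) ? trim( $commentdata['comment_author_email'] ) : '';
	$name  = isset( $commentdata['comment_author'] ) ? trim( $commentdata['comment_author'] ) : '';

	// email_exists() returns the owning user ID (truthy) when the address is registered.
	if ( '' !== $email && email_exists( $email ) ) {
		example_reject( 'That e-mail address belongs to a registered user. Please log in to comment.' );
	}

	// Name collision with a registered account (display name or login).
	if ( '' !== $name && example_name_is_registered( $name ) ) {
		example_reject( 'That name belongs to a registered user. Please log in to comment.' );
	}

	return $commentdata;
}

// True when $name equals some account's display_name or user_login.
// The comparison is case-insensitive only if the users table uses a *_ci
// collation, which is the WordPress default (assumption of this example).
function example_name_is_registered( $name ) {
	global $wpdb;
	$count = $wpdb->get_var( $wpdb->prepare(
		"SELECT COUNT(*) FROM {$wpdb->users} WHERE display_name = %s OR user_login = %s",
		$name,
		$name
	) );
	return (int) $count > 0;
}

// Abort the request with HTTP 403 and a "back" link; the wording is this example's.
function example_reject( $message ) {
	wp_die( $message, 'Comment rejected', array( 'response' => 403, 'back_link' => true ) );
}
```

Drop the file into wp-content/plugins and activate it. Two caveats a practitioner should weigh. First, the specific rejection messages confirm that an address or name is registered, which is an enumeration oracle; the attack in the ticket presupposes the guest already knows those values, but a single generic message is the safer choice on sites that care about that. Second, the reason the two comments in the screenshots look identical is that the author label and the avatar are both derived from the submitted name and e-mail (get_avatar() keys on the e-mail), while the only field a guest cannot forge is the stored user_id, which core fills from the session. comment_class() adds the `bypostauthor` class only when that user_id matches the post author, so a theme that styles on that class, rather than on the name or avatar, already distinguishes the real author's comments; the plugin above covers impersonation of any other registered user, where no such marker exists.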