Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
ronnier
on March 19, 2010
|
parent
|
context
|
favorite
| on:
Tell HN : Wordpress.com exploit
I haven't tested this, but if it truly works, one just needs to include <script src="
http://wordpress.com/remote-login.php?action=jsonp&jsonp...
; in a page and harvest hashes of its visitors?
sandaru1
on March 19, 2010
|
prev
[–]
Yes. Just a simple JSONP API call.
stanleydrew
on March 19, 2010
|
parent
[–]
Is there wordpress JSONP API documentation anywhere? A couple of Google searches didn't turn anything up.
bittersweet
on March 19, 2010
|
root
|
parent
[–]
I checked out the Wordpress source just now and no mention of remote-login. I don't know if wordpress.com itself has any API documentation.
ErrantX
on March 19, 2010
|
root
|
parent
[–]
It looks like they have an xmlrpc.php file - so you could try using that.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
