This is also a straight up CSRF exploit as well -- the script does what it looks like it will do. Change the root user's mysql password with no interaction.