package main
import (
	"bufio"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"os"
	"strings"
)
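// probeOrigin is the marker expected to have been supplied as the request
// Origin when the headers on stdin were captured. Seeing it echoed back in
// Access-Control-Allow-Origin indicates the server reflects arbitrary origins
// instead of matching them against an allow-list.
const probeOrigin = "evil.com"

// errLineTooLong reports a header line that did not fit in the reader's buffer.
var errLineTooLong = errors.New("header line too long")

// main reads HTTP response headers (for example the output of `curl -i`) from
// standard input and, when they show an insecure CORS configuration — an
// Access-Control-Allow-Origin that reflects probeOrigin together with
// Access-Control-Allow-Credentials: true — prints the parsed header set as one
// JSON object on standard output. Nothing is printed otherwise.
//
// The process exits non-zero (via log.Fatalf) when no header line could be
// read, when a line exceeds the reader's buffer, when stdin fails mid-read, or
// when the result cannot be encoded as JSON.
func main() {
	responseHeaders, err := readHeaders(bufio.NewReader(os.Stdin))
	if err != nil {
		if errors.Is(err, errLineTooLong) {
			log.Fatalf("Too long. cURL is trolling")
		}
		log.Fatalf("Error reading headers: %s", err.Error())
	}

	hostName, reflected := reflectedOrigin(responseHeaders)
	if !reflected || !allowsCredentials(responseHeaders) {
		return
	}

	// Tag the finding with what remained of the ACAO value around the marker
	// so the emitted JSON line identifies the response it came from.
	responseHeaders["x-hostname"] = hostName
	pwned, err := json.Marshal(responseHeaders)
	if err != nil {
		log.Fatalf("Couldn't marshal: %s", err.Error())
	}
	fmt.Println(string(pwned))
}

// readHeaders parses "Name: value" lines from r until EOF into a map keyed by
// the normalised (trimmed, lower-cased) header name; values are normalised the
// same way. Lines without a colon (status line, blank separator, any body
// lines) are kept as keys with an empty value so the caller sees everything
// that was read. The key is normalised on that path too, so a later lookup
// never depends on whether the line happened to carry a colon.
//
// It returns io.EOF when the input ended before a single line was read,
// errLineTooLong when a line exceeded the buffer (bufio.Reader.ReadLine
// reports this via isPrefix), and any other read error unchanged rather than
// silently treating it as end of input.
func readHeaders(r *bufio.Reader) (map[string]string, error) {
	headers := make(map[string]string)
	for {
		line, isPrefix, err := r.ReadLine()
		if err != nil {
			if !errors.Is(err, io.EOF) {
				return nil, err
			}
			// Preserve the original contract: an empty stream is an error,
			// a stream with at least one line has simply ended.
			if len(headers) == 0 {
				return nil, err
			}
			return headers, nil
		}
		if isPrefix {
			return nil, errLineTooLong
		}

		// Split once on the first colon; header values may contain more.
		kv := strings.SplitN(string(line), ":", 2)
		name := normalize(kv[0])
		if len(kv) != 2 {
			headers[name] = ""
			continue
		}
		headers[name] = normalize(kv[1])
	}
}

// normalize folds a header name or value into the comparison form used by the
// rest of the program: surrounding whitespace removed and case folded.
func normalize(s string) string {
	return strings.ToLower(strings.TrimSpace(s))
}

// reflectedOrigin reports whether the Access-Control-Allow-Origin header echoes
// probeOrigin and, if so, returns the header value with the marker removed
// (the value later emitted under "x-hostname"). The lookup is on the
// normalised key, so the header name's case in the response does not matter.
func reflectedOrigin(headers map[string]string) (string, bool) {
	acao, ok := headers["access-control-allow-origin"]
	if !ok || !strings.Contains(acao, probeOrigin) {
		return "", false
	}
	return strings.Replace(acao, probeOrigin, "", 1), true
}

// allowsCredentials reports whether Access-Control-Allow-Credentials contains
// "true". A reflected origin is only a finding in combination with this
// header, because it is what allows a cross-origin page to read responses
// that carry the user's credentials.
func allowsCredentials(headers map[string]string) bool {
	return strings.Contains(headers["access-control-allow-credentials"], "true")
}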