Created August 16, 2015 05:33
Violate SOP (Same-Origin Policy) Universally on a Site By Taking Advantage of a "URLinURL" Parsing Web Server with a CGI Module Acting as an Open Proxy
Derek@UFO MSYS ~
$ telnet www.bing.com. 80
Trying 204.79.197.200...
Connected to www.bing.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 0
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: _FS=NU=1; domain=.bing.com; path=/
Set-Cookie: _SS=SID=619CF09A50F5444BB7A5358698A3BCBD; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=NOFORM; expires=Tue, 15-Aug-2017 05:25:44 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=81CE555A59DE4C2B9F136A99D98F59F7; expires=Tue, 15-Aug-2017 05:25:44 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150816; expires=Tue, 15-Aug-2017 05:25:44 GMT; domain=.bing.com; path=/
Edge-control: no-store
X-MSEdge-Ref: Ref A: B75DB4568C6144EABF380E2ABB7801D3 Ref B: 77D505F2735B26D2269433FD510A9BCD Ref C: Sat Aug 15 22:25:44 2015 PST
Set-Cookie: _EDGE_S=F=1&SID=0A36E8E506386DA517C2E0E007D46CCC; path=/; httponly; domain=bing.com
Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Tue, 15-Aug-2017 05:25:44 GMT; domain=bing.com
Set-Cookie: MUID=3EA60EF34F5C6D6B258C06F64EB06CC3; path=/; expires=Tue, 15-Aug-2017 05:25:44 GMT; domain=bing.com
Set-Cookie: MUIDB=3EA60EF34F5C6D6B258C06F64EB06CC3; path=/; httponly; expires=Tue, 15-Aug-2017 05:25:44 GMT
Date: Sun, 16 Aug 2015 05:25:44 GMT
telnet> c
Connection closed.
Derek@UFO MSYS ~
$ telnet www.bing.com.80bola.com. 80
Trying 130.211.94.181...
Connected to www.bing.com.80bola.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com
HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Sun, 16 Aug 2015 05:26:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.11
Connection closed by foreign host.
Derek@UFO MSYS ~
$ telnet www.bing.com.80bola.com. 80
Trying 130.211.94.181...
Connected to www.bing.com.80bola.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com.80bola.com.
HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Sun, 16 Aug 2015 05:26:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.11
HEAD / HTTP/1.1
Host: www.bing.com.80bola.com
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.11
Cache-Control: max-age=0, private
content-length: 0
Date: Sun, 16 Aug 2015 05:26:58 GMT
Edge-control: no-store
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Server: Microsoft-IIS/8.5
Set-Cookie: _FS=NU=1; domain=.bing.com; path=/
Set-Cookie: _SS=SID=BC8950DBBD124F60ACD9BAE4F8549B7A; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=NOFORM; expires=Tue, 15-Aug-2017 05:26:58 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=913F5D4251A549F48DC9401698F6879E; expires=Tue, 15-Aug-2017 05:26:58 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150816; expires=Tue, 15-Aug-2017 05:26:58 GMT; domain=.bing.com; path=/
Set-Cookie: _EDGE_S=F=1&SID=0E8ABA84655C6C01253BB28164646D26; path=/; httponly; domain=bing.com
Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Tue, 15-Aug-2017 05:26:58 GMT; domain=bing.com
Set-Cookie: MUID=284438395AAF62CF02ED303C5B9763FE; path=/; expires=Tue, 15-Aug-2017 05:26:58 GMT; domain=bing.com
Set-Cookie: MUIDB=284438395AAF62CF02ED303C5B9763FE; path=/; httponly; expires=Tue, 15-Aug-2017 05:26:58 GMT
Vary: Accept-Encoding
X-MSEdge-Ref: Ref A: 7F7F78A0DD034E1E997C31CD2A8E69F4 Ref B: B49129E8B14932A421BDC4A8B0ED0AB6 Ref C: Sat Aug 15 22:26:58 2015 PST
Connection closed by foreign host.
Derek@UFO MSYS ~
$
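The transcript above carries two observable signals of a host relaying requests to another origin: the same IP answers with two different server products depending only on the Host header (nginx for `www.bing.com.80bola.com.` with a trailing dot, Microsoft-IIS for the same name without it), and the relayed response carries Set-Cookie headers whose Domain attribute (`.bing.com`, `bing.com`) does not domain-match the host that was actually connected to. The script below is an added example, not part of the gist or written by its author; it re-parses a trimmed copy of the transcript embedded inline (constructed from the page's own lines) and extracts exactly those two signals, the kind of check a reviewer would run over captured responses when auditing a host they operate for open-proxy behaviour. The function and variable names are this example's own.

```python
"""Parse the telnet transcript from the gist and report two indicators that a host
is relaying to a foreign origin: a per-Host-header change of Server product, and
Set-Cookie Domain attributes that do not domain-match the connected host (RFC 6265 5.1.3)."""
import re
from dataclasses import dataclass, field

# Trimmed copy of the transcript above (constructed sample input for this example).
TRANSCRIPT = """\
$ telnet www.bing.com. 80
Trying 204.79.197.200...
Connected to www.bing.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/8.5
Set-Cookie: _FS=NU=1; domain=.bing.com; path=/
Set-Cookie: MUIDB=3EA60EF34F5C6D6B258C06F64EB06CC3; path=/; httponly; expires=Tue, 15-Aug-2017 05:25:44 GMT
Connection closed.
$ telnet www.bing.com.80bola.com. 80
Trying 130.211.94.181...
Connected to www.bing.com.80bola.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com
HTTP/1.1 200 OK
Server: nginx/1.0.15
X-Powered-By: PHP/5.6.11
Connection closed by foreign host.
$ telnet www.bing.com.80bola.com. 80
Trying 130.211.94.181...
Connected to www.bing.com.80bola.com..
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.bing.com.80bola.com.
HTTP/1.1 200 OK
Server: nginx/1.0.15
X-Powered-By: PHP/5.6.11
HEAD / HTTP/1.1
Host: www.bing.com.80bola.com
HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.11
Server: Microsoft-IIS/8.5
Set-Cookie: _FS=NU=1; domain=.bing.com; path=/
Set-Cookie: MUID=284438395AAF62CF02ED303C5B9763FE; path=/; expires=Tue, 15-Aug-2017 05:26:58 GMT; domain=bing.com
Connection closed by foreign host.
"""


@dataclass
class Exchange:
    connected: str                   # host telnet reported connecting to
    host: str                        # value of the Host header that was sent
    server: str = ""                 # Server header of the response, if any
    cookie_domains: list = field(default_factory=list)  # Domain attrs of Set-Cookie


def parse_transcript(text):
    """Split the transcript into one Exchange per HEAD request (keep-alive connections
    may carry several). Telnet prints 'Connected to <host>.' so the final dot is stripped
    and a trailing dot that is part of the name (www.bing.com.) is preserved."""
    exchanges, connected, current = [], "", None
    for line in text.splitlines():
        m = re.match(r"Connected to (\S+)\.$", line)
        if m:
            connected = m.group(1)
            continue
        if line.startswith("HEAD "):
            current = None           # new request; wait for its Host header
            continue
        if line.startswith("Host: "):
            current = Exchange(connected=connected, host=line[6:].strip())
            exchanges.append(current)
            continue
        if current is None or ":" not in line:
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "server":
            current.server = value
        elif name == "set-cookie":
            for attr in value.split(";")[1:]:
                k, _, v = attr.strip().partition("=")
                if k.lower() == "domain":
                    current.cookie_domains.append(v.strip())
    return exchanges


def product(server_value):
    """'Microsoft-IIS/8.5' -> 'microsoft-iis'; empty string when no Server header."""
    return server_value.split("/")[0].lower() if server_value else ""


def servers_seen(exchanges):
    """{connected host: {Host header sent: server product}}; a host that answers with
    different products for different Host values is relaying somewhere."""
    seen = {}
    for ex in exchanges:
        seen.setdefault(ex.connected, {})[ex.host] = product(ex.server)
    return seen


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-matching: host equals the cookie domain or ends with '.' + domain."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def foreign_cookies(exchanges):
    """(connected host, Host header, cookie domain) for each Set-Cookie whose Domain
    attribute does not domain-match the host actually connected to."""
    return [(ex.connected, ex.host, d) for ex in exchanges
            for d in ex.cookie_domains if not domain_matches(ex.connected, d)]


if __name__ == "__main__":
    exs = parse_transcript(TRANSCRIPT)
    for connected, by_host in servers_seen(exs).items():
        print(connected, "->", by_host)
    for connected, host, dom in foreign_cookies(exs):
        print(f"{connected}: Host {host!r} returned a cookie for {dom!r} (no domain-match)")
```

Run as-is it lists, for the 80bola.com connection, nginx for two Host values and microsoft-iis for the third, and flags the `.bing.com` and `bing.com` cookies as not domain-matching `www.bing.com.80bola.com.`; a browser would reject those cookies for that reason, which is what makes the Server-product change the more useful indicator in logs.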