ropnop/cors_poc_test.html

## cors_poc_test.html
<html>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<h1>CORS Test PoC</h1>
<label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/>
<input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/>
<input type="submit" id="submit_btn" value="Make Request">
<hr>
<p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p>

<div id="test_data" style="border:1px solid darkred; color: red">
    Waiting to test...
</div>

<script>
    $(document).ready(function () {
        $("#submit_btn").click(function () {
            if ($("#with_creds_checkbox").is(":checked")) {
                $.ajaxSetup({
                    xhrFields: {
                        withCredentials: true
                    }
                });
            }
            else {
                $.ajaxSetup({
                    xhrFields: {
                        withCredentials: false
                    }
                });
            }
            targetUrl = $("#target_url").val();
            $.ajax({
                type: "GET",
                url: targetUrl,
                success: function (data) {
                    var test_data = data;
                    $("#test_data").text(JSON.stringify(test_data));
                },
                error: function (data, textStatus, xhr) {
                    console.log("error", data.status);
                    $("#test_data").text("Error retrieving data. Check console for more info. Response text: "+JSON.stringify(data.responseText));
                }
            });

        });
    });
</script>
</html>
	<html>
	<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
	<h1>CORS Test PoC</h1>
	<label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/>
	<input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/>
	<input type="submit" id="submit_btn" value="Make Request">
	<hr>
	<p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p>

	<div id="test_data" style="border:1px solid darkred; color: red">
	Waiting to test...
	</div>

	<script>
	$(document).ready(function () {
	$("#submit_btn").click(function () {
	if ($("#with_creds_checkbox").is(":checked")) {
	$.ajaxSetup({
	xhrFields: {
	withCredentials: true
	}
	});
	}
	else {
	$.ajaxSetup({
	xhrFields: {
	withCredentials: false
	}
	});
	}
	targetUrl = $("#target_url").val();
	$.ajax({
	type: "GET",
	url: targetUrl,
	success: function (data) {
	var test_data = data;
	$("#test_data").text(JSON.stringify(test_data));
	},
	error: function (data, textStatus, xhr) {
	console.log("error", data.status);
	$("#test_data").text("Error retrieving data. Check console for more info. Response text: "+JSON.stringify(data.responseText));
	}
	});

	});
	});
	</script>
	</html>