If the victim application is vulnerable to CORS exploit, using this exploit script we were able send sensitive imformation to the attacker server.
-
git clone https://github.com/topavankumarj/CORS-Exploit-Script
-
Edit
CORS_POC.html
and change thevictim_URL
value andattacker_URL
value. -
Now up the python server using the below command
python3 -m http.server --cgi 5555`
-
Run the ngrock ( optional)
./ngrock http 5555`
-
Now open the
CORS_POC.html
from the victim browser.
If the applicaiton in vulnerable and everything goes well, the exploit script will sends sensitive information to the attacker server.