Last active: November 14, 2018 07:01
Revisions
ropnop revised this gist
Jan 22, 2018. 1 changed file with 2 additions and 2 deletions.
@@ -34,11 +34,11 @@ <h1>CORS Test PoC</h1> url: targetUrl, success: function (data) { var test_data = data; $("#test_data").text(JSON.stringify(test_data)); }, error: function (data, textStatus, xhr) { console.log("error", data.status); $("#test_data").text("Error retrieving data. Check console for more info. Response text: "+JSON.stringify(data.responseText)); } }); -
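Review bot: the error callback's parameters are misnamed, which makes the new `JSON.stringify(data.responseText)` read as though it were inspecting response data; jQuery's signature is `error(jqXHR, textStatus, errorThrown)`, so `data` is the jqXHR object and the third argument named `xhr` is the thrown error string. Renaming to `function (jqXHR, textStatus, errorThrown)` and using `jqXHR.responseText` / `jqXHR.status` would make the code say what it does. It would also help to put `data.status` into the displayed message rather than only in `console.log`: when the browser refuses a cross-origin read, `responseText` is empty and `status` is 0, so the box will show just `""` and the tester cannot tell a CORS block from a network failure or a non-2xx response without opening the console.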
ropnop created this gist
Jan 22, 2018.
@@ -0,0 +1,48 @@ <html> <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script> <h1>CORS Test PoC</h1> <label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/> <input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/> <input type="submit" id="submit_btn" value="Make Request"> <hr> <p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p> <div id="test_data" style="border:1px solid darkred; color: red"> Waiting to test... </div> <script> $(document).ready(function () { $("#submit_btn").click(function () { if ($("#with_creds_checkbox").is(":checked")) { $.ajaxSetup({ xhrFields: { withCredentials: true } }); } else { $.ajaxSetup({ xhrFields: { withCredentials: false } }); } targetUrl = $("#target_url").val(); $.ajax({ type: "GET", url: targetUrl, success: function (data) { var test_data = data; $("#test_data").text(test_data); }, error: function (data, textStatus, xhr) { console.log("error", data.status); $("#test_data").text("Error retrieving data. Check console for more info"); } }); }); }); </script> </html>
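Review bot: `targetUrl = $("#target_url").val();` assigns an undeclared identifier and so creates an implicit global; declare it with `var targetUrl = $("#target_url").val();`. Related, the `$.ajaxSetup({ xhrFields: { withCredentials: ... } })` branches mutate jQuery's global defaults on every click rather than configuring the one request being made; passing `xhrFields: { withCredentials: $("#with_creds_checkbox").is(":checked") }` inside the `$.ajax({ ... })` options does the same thing without side effects and removes the if/else. On the claim in the `<p>`: a readable response with the checkbox unchecked only shows that the endpoint is readable cross-origin (for example via `Access-Control-Allow-Origin: *`), which is not a finding for unauthenticated data; the interesting result is a readable response with "With Credentials?" checked, because the browser only exposes that to the page when the server reflects this page's origin and also sends `Access-Control-Allow-Credentials: true`. Stating that distinction in the description would stop the tool being read as reporting every permissive `*` policy as a vulnerability. Minor: the `<script>` and form elements sit directly under `<html>` with no `<head>`/`<body>`, and the error callback names its first argument `data` although it receives the jqXHR object (`data.status` works only for that reason).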