Cross-Origin Resource Sharing (CORS)

https://gitlab.com/jobertabma/vulnerable-code/-/tree/master/cors?ref_type=heads

Step 1: Understand the Vulnerability

The provided code and instructions demonstrate how to exploit a Cross-Origin Resource Sharing (CORS) vulnerability. The index.php file has a misconfiguration that allows any origin to access the resources due to the Access-Control-Allow-Origin: * header.

Step 2: Create and Run the Bash Script

Create the Bash Script: Create a file named run_exploit.sh and add the provided Bash script to it.

#!/bin/bash

php -S 127.0.0.1:8080 -t cors &

open cors/exploit.htm

wait

Explanation of the Script:

php -S 127.0.0.1:8080 -t cors &: This starts a PHP built-in web server on 127.0.0.1:8080, serving files from the cors directory.
Open the exploit.html in the default web browser
wait: This waits for the background processes to finish.

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x run_exploit.sh

3.Run the script:

Expected Outcomes:

When you run the automation script, it will start the PHP server on 127.0.0.1:8080 and serve the cors directory. The browser will open exploit.html, which will make a GET request to the PHP server and display the secret content returned by index.php.``

PreviousCommand-Injection NextDom-Clobbering

Last updated 1 year ago