Attacker Server

Exploit Page

/exploit.html - Malicious page for CORS attack

Exfiltration Endpoint

POST /steal - Receives stolen data

/stolen - View collected data (0 entries)

Attack Flow

  1. Submit http://attacker-server:4014/exploit.html to admin bot
  2. Admin's browser loads exploit page
  3. JavaScript fetches /api/profile with credentials
  4. CORS misconfiguration allows reading response
  5. Stolen data sent to /steal endpoint
  6. View at /stolen
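The flow above works only if the API's CORS policy lets an arbitrary origin read a cookie-authenticated response. The following is an added example (not code from the lab page) showing, in plain Node.js, the header pattern that makes step 4 possible beside the allowlist form that prevents it, plus a small check a defender can run over captured response headers. The trusted origin `https://app.example.test` is an assumption; the attacker origin is taken from the attack flow.

```javascript
// Added example, not part of the lab page. Origins and paths are assumptions.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.test", // assumed legitimate front-end origin
]);

// Misconfigured pattern: the server echoes whatever Origin it receives and
// also allows credentials, so any origin can read the authenticated response.
function reflectingCorsHeaders(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Hardened pattern: only an exact allowlist match receives CORS headers.
// Unknown origins get none, so the browser refuses to expose the body.
function allowlistCorsHeaders(origin, allowlist = ALLOWED_ORIGINS) {
  if (typeof origin !== "string" || !allowlist.has(origin)) {
    return { "Vary": "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Defender's check: given the Origin a request carried and the response
// headers, would a browser let that origin read a credentialed response?
// true means the misconfiguration relied on in step 4 is present.
function credentialedReadAllowed(origin, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  const acac = headers["Access-Control-Allow-Credentials"];
  // Browsers reject "*" when credentials are included, so only an exact
  // origin echo combined with Allow-Credentials: true is readable.
  return acao === origin && acao !== "*" && acac === "true";
}

const attackerOrigin = "http://attacker-server:4014"; // from the attack flow
const trustedOrigin = "https://app.example.test";     // assumed

// Stand-alone run: report which configuration exposes /api/profile.
console.log("reflecting, attacker origin:",
  credentialedReadAllowed(attackerOrigin, reflectingCorsHeaders(attackerOrigin)));
console.log("allowlist, attacker origin:",
  credentialedReadAllowed(attackerOrigin, allowlistCorsHeaders(attackerOrigin)));
console.log("allowlist, trusted origin:",
  credentialedReadAllowed(trustedOrigin, allowlistCorsHeaders(trustedOrigin)));
```

Running the check against real responses from the API (replace the constructed header objects with the headers your server actually returns for a foreign Origin) tells you whether the lab's misconfiguration exists in your own deployment.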