ClickHouse Cloud - CORS + XSS PoC

Attacker: | Target: queries.clickhouse.cloud

Step 1: CORS Bypass Test (cookie-only, no token)

Tests whether the endpoint authenticates via cookies alone (SameSite=None cookies are sent cross-origin).

Step 2: CORS + Token = Full XSS

If we have a token, the CORS preflight passes with the Authorization header → full authenticated XSS.

Step 3: Auth0 Silent Auth (Token Theft)

Attempts to steal a fresh token via Auth0 silent auth. Tests multiple client IDs and redirect URIs.

Step 4: Full Chain (Auto)

If silent auth succeeds: steal token → CORS fetch XSS → exfiltrate data. All automatic.