This is a PoC to demonstrate a CORS misconfiguration vulnerability on .
withCredentials
Any information returned due to a lax CORS policy will be printed below: