Processing Rogue Cross Origin Request - Insecure Demo
processCOR.php located at www.andlabs.net is supposed to be accessible only from www.andlabs.org.
However the page is executed irrespective of the site making the Cross Origin Request.
Only the response is not accessible to sites other than www.andlabs.org.
PHP Source of http://www.andlabs.net/html5/processCOR.php:
echo date('l jS \of F Y h:i:s A');
To make a request to this page from www.andlabs.org and view the response click here.
Try making the same request from some other domain and capture the response in a proxy. It can be seen that response is the same as the one below.