Consent Takeover PoC

Session Fixation + CORS Chain on DPG Privacy Gate (pg.tweakers.net)

Researcher: adriansie25 | Domain: poc-dpgmedia.nl

Step 1: Read Consent (Cross-Origin)

Reads the victim's consent record from pg.tweakers.net via CORS. Requires a known authId (obtained via session fixation).

Step 2: Write Consent — Accept All (Cross-Origin)

Overrides the victim's consent to accept-all, enabling 122 tracking vendors.

Step 3: Delete Consent (Cross-Origin)

Erases the victim's consent entirely. The privacy gate reappears on all DPG brands.
