CORS vulnerability


CORS is a mechanism for accessing data of other origins through AJAX[1] requests. Sites use CORS to relax the SOP[2] and access resources of another origin. If CORS is not implemented properly, an attacker can send a request to the target (for example, its APIs), present itself as a valid origin and access specific target resources. With this vulnerability, credentials can be stolen from the target site or CSRF[3] attacks can be scripted.

Perform CORS vulnerability testing on

1 - Consider a path such as
2 - We capture the request in Burp Suite[4].
3 - We add the parameter (origin: to the header section of the request.
4 - If our data is shown in the response, in the following headers, it means that there is a vulnerability.

Sample output:

Access-Control-Allow-Origin:
Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE.
.......
Access-Control-Allow-Credentials: true
A....
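An added example, not part of the original article: the check from step 4 written as a JavaScript function, run against a server policy that reflects any Origin and against one that uses an exact-match allowlist. The origins, the allowlist and every function name are assumptions made for illustration.

```javascript
// Added example. Origins and the allowlist are constructed; all names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Weak policy: echoes any Origin back and allows credentials.
function weakCorsHeaders(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact-match allowlist; other origins get no CORS headers.
function strictCorsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving one origin's grant to another
  };
}

// Classify the response to a request that carried an origin the site should not trust.
function assessCors(untrustedOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  // Browsers honour this header only when its value is exactly "true".
  const withCreds = h["access-control-allow-credentials"] === "true";
  if (allowOrigin === undefined) return "ok";
  if (allowOrigin === untrustedOrigin) {
    // Reflected origin: with credentials, authenticated responses become readable cross-origin.
    return withCreds ? "vulnerable" : "weak";
  }
  // "*" exposes unauthenticated responses only; browsers reject it for credentialed requests.
  if (allowOrigin === "*") return "weak";
  return "ok";
}

const probe = "https://untrusted.example"; // constructed test origin
console.log("weak policy:   ", assessCors(probe, weakCorsHeaders(probe)));
console.log("strict policy: ", assessCors(probe, strictCorsHeaders(probe)));
console.log("allowed origin:", strictCorsHeaders("https://app.example.com"));
```

The strict policy returns no CORS headers for an unlisted origin, so the browser blocks the cross-origin read; the reflected value plus `Access-Control-Allow-Credentials: true` is the combination the sample output above shows.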

July 21, 2021
Haj ali
2 years ago

Can he be our partner in the big Parnian company؟؟؟

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
