CORS vulnerability


CORS is a mechanism for accessing data of other origins through AJAX[1] requests. Sites use CORS to relax the SOP[2] and access resources of other origins. If CORS is not implemented properly, the hacker can send a request to the target (for example, APIs), present itself as a valid origin, and access specific target resources. With this vulnerability, credentials can be stolen from the target site or CSRF[3] attacks can be scripted.

Perform CORS vulnerability testing on

1 - Consider a path such as
2 - We capture the request in Burp Suite[4].
3 - We add the parameter (origin: to the header section of the request.
4 - If our data is shown in the response, in the following headers, it means that there is a vulnerability.

Sample output:

Access-control-Allow-origin:
Access-control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE.
.......
Access-control-Allow-Credentials: true
A....
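The check in step 4, together with the weak server setting it detects and a corrected allowlist setting, as an added example that is not code from the original article. The origins, the allowlist and the function names are assumptions made for illustration.

```javascript
// Added example. Origins and the allowlist are constructed sample values.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // assumed trusted origin

// Weak setting: echo any Origin back and allow credentials.
function weakCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Corrected setting: exact-match allowlist; unknown origins get no CORS grant.
function strictCorsHeaders(requestOrigin) {
  const headers = { Vary: "Origin" }; // keep caches from mixing per-origin responses
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Step 4 as a function: classify the response to a request whose Origin
// header was set to probeOrigin, a value the site has no reason to trust.
function assessCors(probeOrigin, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  const allowCreds = h["access-control-allow-credentials"] === "true";
  if (allowOrigin === undefined) return "no-grant";
  if (allowOrigin === "*") return "wildcard"; // browsers refuse credentialed reads here
  if (allowOrigin !== probeOrigin) return "fixed-origin";
  return allowCreds ? "reflected-with-credentials" : "reflected";
}

// Constructed probe: the same untrusted origin against both policies.
const probe = "https://untrusted.example";
console.log("weak policy:  ", assessCors(probe, weakCorsHeaders(probe)));
console.log("strict policy:", assessCors(probe, strictCorsHeaders(probe)));
```

Only the "reflected-with-credentials" result matches the sample output in step 4: the server echoed an origin it should not trust and also allowed credentials.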

July 21, 2021
Haj ali
2 years ago

Can he be our partner in the big Parnian company?
