CORS vulnerability

(1,047 views)

The vulnerability is a mechanism for accessing data of other origins through AJAX[1] requests. Sites use CORS to bypass the SOP[2] and access other ORIGIN resources. If CORS is not implemented properly, the hacker can send a request to the target (for example, APIs) and introduce itself as a valid ORIGIN and access specific target resources. With this vulnerability, a Credential series can be stolen from the target site or CSRF[3] attacks can be scripted. Perform CORS vulnerability testing on domain.com: 1 - Consider a path such as domain.com/wp-json. 2 - We receive the request through BURP SUITE[4]. 3 - I add the parameter (origin: attacker.com) to the header section of the request. 4 - If our data showed and was in response to the following statements, it means that there is a vulnerability Sample output : Access-control-Allow-origin: https://attacker.com Access-control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE. ....... Access-control-Allow-Credentials: true A....

July 21, 2021
Subscribe
Notify of
guest
4 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
">">">">"><img sr
4 days ago

# hello world markdown
fgbfgnfgnfg

Last edited 4 days ago by ">">">">"><img sr
">
">
4 days ago

test
“><img src=x>

">">">">"><img sr
4 days ago
Reply to  ">

<mark>xss

Haj ali
Haj ali
2 years ago

Can he be our partner in the big Parnian company؟؟؟

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.