Showing posts from October, 2017

Exploiting Misconfigured CORS

Hi folks,

This post is about some of the CORS misconfigurations I see frequently, mostly in Django applications. Let's assume all the test cases have been performed on the domain example.com, with the attacker's page hosted on attacker.com.

The following are the most common CORS configurations:

• Access-Control-Allow-Origin: *
  • Remark: In this case we can fetch unauthenticated resources only. A wildcard tells the browser the resource is public, but the browser will not expose a response to a credentialed request (cookies, HTTP auth) when the allowed origin is *.
• Access-Control-Allow-Origin: *
  Access-Control-Allow-Credentials: true
  • Remark: In this case we can still fetch unauthenticated resources only. Browsers reject the combination of a wildcard origin and Access-Control-Allow-Credentials: true, so the credentials flag buys the attacker nothing.
• Access-Control-Allow-Origin: null
  Access-Control-Allow-Credentials: true
  • Remark: In this case we can fetch authenticated resources as well. Any page can obtain the null origin, for example by issuing the request from a sandboxed iframe or a data: URL, so trusting null is equivalent to trusting everyone.
• Access-Control-Allow-Origin: https://attacker.com
  Access-Control-Allow-Credentials: true
  • Remark: In this case we can fetch authenticated resources as well. This usually means the server reflects whatever Origin header it receives, so the attacker's page is granted credentialed read access to the victim's data.
• Access-Control-Allow-Origin: https://example.com
  Access-Control-Allow-Credentials: true
  • Remark