Exploiting Misconfigured CORS
Hi folks, This post is about some of the CORS misconfiguration which I see frequently, mostly in Django applications. Let’s assume all the test cases have been performed on the domain example.com Following are the most common CORS configurations • Access-Control-Allow-Origin: * • Remark: In this case we can fetch unauthenticated resources only. • Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true • Remark: In this case we can fetch unauthenticated resources only. • Access-Control-Allow-Origin: null Access-Control-Allow-Credentials: true • Remark: In this case we can fetch authenticated resources as well. • Access-Control-Allow-Origin: https://attacker.com Access-Control-Allow-Credentials: true • Remark: In this case we ca...