Showing posts from October, 2017

Exploiting Misconfigured CORS

Hi folks, 

This post is about some of the CORS misconfigurations that I see frequently, mostly in Django applications.

Let’s assume all the test cases have been performed on the domain example.com.

The following are the most common CORS configurations:

• Access-Control-Allow-Origin: *
    • Remark: In this case we can fetch unauthenticated resources only.

• Access-Control-Allow-Origin: *
  Access-Control-Allow-Credentials: true
    • Remark: In this case we can fetch unauthenticated resources only (browsers refuse to expose a credentialed response when the allowed origin is a wildcard).

• Access-Control-Allow-Origin: null
  Access-Control-Allow-Credentials: true
    • Remark: In this case we can fetch authenticated resources as well (the null origin is what a sandboxed iframe sends).

• Access-Control-Allow-Origin: https://attacker.com
  Access-Control-Allow-Credentials: true
    • Remark: In this case we can fetch authenticated resources as well (the request's Origin is reflected back).

• Access-Control-Allow-Origin: https://example.com
  Access-Control-Allow-Credentials: true
    • Remark: Properly implemented (only the application's own origin is allowed).
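
The five cases above can be checked mechanically against a site's own responses. The following is an added example (not code from the original post): it parses the header section of an HTTP response, then applies the same rules as the list, reporting whether a page on a foreign origin could read authenticated responses. The probe origin https://attacker.com and the site origin https://example.com are the ones the post uses; the sample responses are constructed.

```python
"""Classify a response's CORS headers into the cases from the post above.

Added example, not code from the original post. Sample responses are
constructed; example.com and attacker.com are the origins the post uses.
"""
from dataclasses import dataclass

SITE_ORIGIN = "https://example.com"    # the application's own origin
PROBE_ORIGIN = "https://attacker.com"  # foreign Origin sent in the test request


@dataclass(frozen=True)
class CorsVerdict:
    exposes_authenticated: bool  # can a page on PROBE_ORIGIN read logged-in responses?
    remark: str


def parse_headers(raw_response: str) -> dict:
    """Turn the header section of a raw HTTP response into a dict (names lower-cased)."""
    headers = {}
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():
            break                   # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify_cors(headers: dict,
                  probe_origin: str = PROBE_ORIGIN,
                  site_origin: str = SITE_ORIGIN) -> CorsVerdict:
    """Apply the five cases from the post, plus a few safe fall-throughs."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"

    if acao is None:
        return CorsVerdict(False, "no Access-Control-Allow-Origin: cross-origin reads blocked")
    if acao == "*":
        # Browsers never expose a credentialed response to a wildcard origin,
        # so Allow-Credentials: true changes nothing in this case.
        return CorsVerdict(False, "wildcard origin: unauthenticated resources only")
    if not creds:
        return CorsVerdict(False, "specific origin without credentials: unauthenticated resources only")
    if acao == "null":
        return CorsVerdict(True, "null origin with credentials: a sandboxed iframe can read authenticated resources")
    if acao == probe_origin:
        return CorsVerdict(True, "foreign Origin reflected with credentials: authenticated resources exposed")
    if acao == site_origin:
        return CorsVerdict(False, "own origin with credentials: properly implemented")
    return CorsVerdict(False, f"fixed allow-listed origin {acao}: not readable from {probe_origin}")


def classify_raw(raw_response: str) -> CorsVerdict:
    """Convenience wrapper: raw response text in, verdict out."""
    return classify_cors(parse_headers(raw_response))


# Constructed responses, one per case in the post.
SAMPLE_RESPONSES = {
    "wildcard": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n\r\n{}",
    "wildcard+creds": ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n"
                       "Access-Control-Allow-Credentials: true\r\n\r\n{}"),
    "null+creds": ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: null\r\n"
                   "Access-Control-Allow-Credentials: true\r\n\r\n{}"),
    "reflected+creds": ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://attacker.com\r\n"
                        "Access-Control-Allow-Credentials: true\r\n\r\n{}"),
    "own origin": ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://example.com\r\n"
                   "Access-Control-Allow-Credentials: true\r\n\r\n{}"),
}

if __name__ == "__main__":
    for name, raw in SAMPLE_RESPONSES.items():
        verdict = classify_raw(raw)
        flag = "RISK" if verdict.exposes_authenticated else "ok  "
        print(f"{flag} {name:16} {verdict.remark}")
```

Run it against responses captured from your own application after sending an Origin you do not control; any verdict with exposes_authenticated set to True means the configuration needs the fixed own-origin form shown in the last case of the list.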

So we usually see these type of CO…