CORS

CWE-346: Origin Validation Error

PreviousCommand Injection NextCRLF

Last updated 1 year ago

Was this helpful?

Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain.

Misconfigured CORS

Step->1. Capture the target website and spider or crawl all the website using burp.
Step->2. Use burp search look for Access-Control
Step->3. Try to add Origin Header i.e,Origin:attacker.com or Origin:null or Origin:attacker.target.com or Origin:target.attacker.com
Step->4  If origin is reflected in response means the target is vuln to CORS

Method 2 (Multiple)

step 1-> find domains i.e subfinder -d target.com -o domains.txt
step 2-> check alive ones : cat domains.txt | httpx | tee -a alive.txt
step 3-> send each alive domain into burp i.e, cat alive.txt | parallel -j 10 curl --proxy "<http://127.0.0.1:8080>" -sk 2>/dev/null
step 4-> Repeat hunting method 1

Reports

CORS bug on google's 404 page (rewarded)
CORS misconfiguration leading to private information disclosure
CORS misconfiguration account takeover out of scope to grab items in scope
Chrome CORS