What’s CORS Misconfiguration !?
CORS, which stands for Cross-Origin Resource Sharing, is a mechanism implemented by web browsers that lets a server declare which other origins (web domains) may read the resources it hosts. It matters because browsers otherwise block a page from reading responses that come from a different origin (the same-origin policy), and CORS is the sanctioned way to relax that restriction for specific, trusted origins.
A CORS misconfiguration occurs when a web application or server is not properly configured to handle CORS requests, for example by granting access to origins it never intended to trust. This can lead to security vulnerabilities and unexpected behaviour in web applications.
Browser policy to check CORS (each pair below is treated by the browser as two different origins, so a request from one to the other is cross-origin):
redacted.tld         ⇒ attacker.tld          (different domain)
redacted.tld         ⇒ sub.redacted.tld      (different subdomain)
redacted.tld:443     ⇒ redacted.tld:3001     (different port)
https://redacted.tld ⇒ http://redacted.tld   (different scheme)
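As an added example (not code from the original post), the following Python routine reproduces the comparison the browser makes for the table above: a URL is reduced to its scheme, host and effective port, and two URLs share an origin only when all three match. It assumes the post's shorthand `redacted.tld:443` means an https URL, and it only knows the default ports of http and https.

```python
from urllib.parse import urlsplit

# Ports a browser assumes when the URL omits one. Assumption for this
# demonstration: only http and https are of interest.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_tuple(url: str) -> tuple:
    """Reduce a URL to the (scheme, host, port) triple that browsers compare.

    Path, query and fragment never take part in the comparison. A URL
    written without a scheme (the post's "redacted.tld:443" shorthand) is
    assumed to be https.
    """
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()  # hostnames are case-insensitive
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_same_origin(a: str, b: str) -> bool:
    """True only when scheme, host and effective port all match."""
    return origin_tuple(a) == origin_tuple(b)


# The pairs from the post's table; every one of them is cross-origin.
CROSS_ORIGIN_PAIRS = [
    ("redacted.tld", "attacker.tld"),                 # different domain
    ("redacted.tld", "sub.redacted.tld"),             # different subdomain
    ("redacted.tld:443", "redacted.tld:3001"),        # different port
    ("https://redacted.tld", "http://redacted.tld"),  # different scheme
]


def classify(pairs=CROSS_ORIGIN_PAIRS) -> dict:
    """Map each pair to 'same-origin' or 'cross-origin'."""
    return {
        f"{a} -> {b}": "same-origin" if is_same_origin(a, b) else "cross-origin"
        for a, b in pairs
    }


if __name__ == "__main__":
    for pair, verdict in classify().items():
        print(f"{pair:45} {verdict}")
    # An explicit default port, host case and differing paths do not change the origin:
    print(is_same_origin("https://redacted.tld/a", "https://Redacted.tld:443/b"))  # True
```

The last line is the part worth remembering when writing an allowlist: `https://redacted.tld` and `https://redacted.tld:443` are the same origin, while a different scheme or a different subdomain is not, so origin checks must compare the normalised triple rather than raw strings.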
Access-Control-Allow-Origin response header values:
*                    → allow any domain (browsers refuse to combine this value with credentials)
https://redacted.tld → a fully qualified origin; only that origin may read the response

Origin:
This header is part of the request the client makes; it carries the origin (scheme, host and port) of the page from which the request was started. For security reasons, browsers do not let page scripts overwrite this value.
Payloads:
Origin: https://www.attacker.tld
Origin: http://vuln-bank.tld
Origin: null
Origin: https://vuln-bank.tld.www.attacker.tld
Origin: https://vuln-bank.tldwww.attacker.tld
Origin: https://subdomain.vuln-bank.tld
Origin: https://vuln-bank.tl
Origin: https://vuln-bank.tld_www.attacker.tld
Origin: https://subdomainvuln-bank.tld
[Totally remove the Origin header]
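Added example, not code from the original post: a Python script that shows what each payload above is probing for, by running the list against four origin checks that commonly appear in CORS middleware (substring, suffix, prefix, loose regex) and against the strict allowlist check a server should use instead. The allowlist, the `vuln-bank.tld` names and the legitimate `https://vuln-bank.tld` origin are constructed for the demonstration; `None` stands for a request with no Origin header at all.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: the only origin this server intends to trust.
ALLOWED_ORIGINS = {"https://vuln-bank.tld"}

# The probe values from the post, plus one constructed legitimate origin
# and None for a request that carries no Origin header at all.
PROBE_ORIGINS = [
    "https://vuln-bank.tld",  # constructed: the real site
    "https://www.attacker.tld",
    "http://vuln-bank.tld",
    "null",
    "https://vuln-bank.tld.www.attacker.tld",
    "https://vuln-bank.tldwww.attacker.tld",
    "https://subdomain.vuln-bank.tld",
    "https://vuln-bank.tl",
    "https://vuln-bank.tld_www.attacker.tld",
    "https://subdomainvuln-bank.tld",
    None,
]


# --- Broken checks that the payloads above are designed to expose -------

def weak_substring_check(origin):
    """Accepts anything that merely contains the trusted name."""
    return bool(origin) and "vuln-bank.tld" in origin


def weak_suffix_check(origin):
    """Accepts any host ending in the name, with no dot boundary."""
    return bool(origin) and origin.endswith("vuln-bank.tld")


def weak_prefix_check(origin):
    """Accepts anything that starts with the trusted origin string."""
    return bool(origin) and origin.startswith("https://vuln-bank.tld")


def weak_regex_check(origin):
    """Unescaped dot and no end anchor: matches far more than intended."""
    return bool(origin) and re.match(r"https://.*vuln-bank.tld", origin) is not None


# --- The check a server should use ---------------------------------------

def strict_check(origin):
    """Return the normalised origin to echo back, or None to send no CORS headers.

    Exact match against the allowlist after lowercasing the host. A missing
    header, the literal 'null', non-https schemes and anything carrying a
    path, query or fragment are rejected rather than reflected.
    """
    if not origin or origin == "null":
        return None
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    normalised = f"{parts.scheme}://{parts.netloc.lower()}"
    return normalised if normalised in ALLOWED_ORIGINS else None


def cors_response_headers(origin):
    """Headers to add to a response for the given request Origin."""
    headers = {"Vary": "Origin"}  # caches must not serve one origin's answer to another
    allowed = strict_check(origin)
    if allowed is not None:
        headers["Access-Control-Allow-Origin"] = allowed
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def accepted_by(check, origins=PROBE_ORIGINS):
    """List the probe origins a given check would let through."""
    return [o for o in origins if check(o)]


if __name__ == "__main__":
    for check in (weak_substring_check, weak_suffix_check, weak_prefix_check,
                  weak_regex_check, strict_check):
        print(f"{check.__name__:22} accepts {accepted_by(check)}")
```

Running it prints, for each check, which of the probe origins it accepts; only `strict_check` accepts the legitimate origin alone. The `Vary: Origin` header is included even on the rejecting path so that a shared cache never stores a per-origin answer and replays it to a different origin.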