Lab: CORS vulnerability with basic origin reflection(Portswigger Labs)
The author exploits a CORS misconfiguration: by setting a specific Origin, they obtain the target site's server log and extract sensitive information from it.

2026-2-22 14:45:43 Author: infosecwriteups.com

This website has an insecure CORS configuration in that it trusts all origins.

Mukilan Baskaran


Hello fellow hackers, today I’m going to show you how I found a CORS vulnerability and leveraged it to access the server log and obtain juicy information.

CORS (Cross-Origin Resource Sharing) vulnerability.

This vulnerability works because of misplaced trust:

  1. The Server trusts the Browser (because you are logged in).
  2. The Server mistakenly trusts the Attacker’s Website (due to a bad configuration).
  3. The Browser is caught in the middle and hands the data to the Attacker.

Without wasting time, let’s get into the walkthrough. I quickly logged in to the website using Wiener's credentials.


I checked the response by applying Origin: https://example.com. I can see Access-Control-Allow-Origin: example.com in the response.
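The check above, done by hand in the lab, is easy to automate. The following is an added example, not the author's or PortSwigger's code: a handler that reflects any Origin (the lab's misconfiguration) beside an allow-listed version, and a probe that tells them apart. The allow-list entries and the probe origin are constructed for the example.

```python
"""CORS origin handling: the reflecting misconfiguration from the lab beside
an allow-listed version, plus the check that distinguishes them."""
from urllib.parse import urlsplit

# Constructed allow-list for this example (not from the lab).
ALLOWED_ORIGINS = frozenset({"https://shop.example", "https://admin.shop.example"})

# Constructed foreign origin used as the probe, mirroring the lab's use of example.com.
PROBE_ORIGIN = "https://example.com"


def cors_headers_reflecting(origin):
    """Misconfigured: echoes any Origin and allows credentials, so a page on an
    arbitrary site can read the logged-in user's response via the browser."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_headers_allowlisted(origin):
    """Hardened: exact match against a fixed allow-list, never 'null', and
    Vary: Origin so caches do not serve one origin's grant to another."""
    if origin is None or origin == "null":
        return {}
    parts = urlsplit(origin)
    # An Origin is scheme://host[:port] only; reject anything carrying a path,
    # query or fragment before comparing, and require TLS.
    if parts.scheme != "https" or parts.path or parts.query or parts.fragment:
        return {}
    if origin not in ALLOWED_ORIGINS:  # exact match, no prefix/suffix/regex tests
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def grants_credentialed_access(headers, origin):
    """The check the walkthrough performs by hand: does the response let
    `origin` read it with the user's cookies attached?"""
    return (headers.get("Access-Control-Allow-Origin") == origin
            and headers.get("Access-Control-Allow-Credentials", "").lower() == "true")


def reflects_arbitrary_origin(handler, probe=PROBE_ORIGIN):
    """Flag a handler as misconfigured when it grants credentialed access to an
    origin that is not on the allow-list."""
    assert probe not in ALLOWED_ORIGINS
    return grants_credentialed_access(handler(probe), probe)


if __name__ == "__main__":
    for h in (cors_headers_reflecting, cors_headers_allowlisted):
        print(f"{h.__name__}: reflects arbitrary origin = {reflects_arbitrary_origin(h)}")
```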


Article source: https://infosecwriteups.com/lab-cors-vulnerability-with-basic-origin-reflection-portswigger-labs-1d7699266907?source=rss----7b722bfd1b8d--bug_bounty