Hello fellow hackers, today I’m going to show you how I found a CORS vulnerability and leveraged it to access the server log and obtain juicy information.
CORS — Cross-Origin Resource Sharing Vulnerability.
At its core, this vulnerability works because of trust:
- The Server trusts the Browser (because you are logged in).
- The Server mistakenly trusts the Attacker’s Website (due to a bad configuration).
- The Browser is caught in the middle and hands the data to the Attacker.
Without wasting time, let’s get into the walkthrough. I quickly logged in to the website using Wiener's credentials.
I checked the response by applying Origin: https://example.com. I can see Access-Control-Allow-Origin: example.com in the response.
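The reflected header seen above is the "bad configuration" link in the trust chain. As an added example (not code from the original post or from the target application), this compares an origin-reflecting policy with an exact-match allowlist and checks which origins a browser would let read a logged-in response; the trusted origin, the function names and the sample origins are assumptions constructed for illustration.

```javascript
// Added example: constructed names and origins, not the target application's code.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]); // assumed trusted origin

// Weak policy: echoes whatever Origin the request carries (the behaviour observed above).
function reflectingCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact string match against an allowlist, no CORS headers otherwise.
// Vary: Origin keeps caches from serving one origin's response to another.
function allowlistCorsHeaders(requestOrigin) {
  const headers = { Vary: "Origin" };
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Browser rule: a cross-origin response to a request sent with cookies is readable
// only if Allow-Origin equals the requesting origin exactly and Allow-Credentials is "true".
function readableWithCredentials(headers, origin) {
  return (
    headers["Access-Control-Allow-Origin"] === origin &&
    headers["Access-Control-Allow-Credentials"] === "true"
  );
}

// Returns the origins that could read a credentialed response under the given policy.
function audit(policy, origins) {
  return origins.filter((o) => readableWithCredentials(policy(o), o));
}

// Constructed sample origins for the audit.
const SAMPLE_ORIGINS = [
  "https://app.example.test",             // trusted
  "https://example.com",                  // arbitrary origin, as used in the post
  "https://app.example.test.example.com", // lookalike that a prefix check would accept
];

console.log("reflecting:", audit(reflectingCorsHeaders, SAMPLE_ORIGINS));
console.log("allowlist: ", audit(allowlistCorsHeaders, SAMPLE_ORIGINS));
```

Under the reflecting policy every sample origin can read the response; under the allowlist only the trusted one can.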