Cors Misconfiguration

Hi gus i will share my last finding on vdp program on hacker while report closed so i dont need to hide my program name so lets go

It is Cors Misconfiguration lead me to read user data so first lets explain what is Cors Misconfiguration ?

A cross-origin resource-sharing misconfiguration occurs when the web server allows third-party domains to perform privileged tasks through the browsers of legitimate users. As the CORS mechanism relies on HTTP headers, a browser makes preflight requests to the cross-domain resource and checks whether the browser will be authorized to serve the actual request. Therefore, improper configuration of CORS headers allows malicious domains to access and exploit the web server’s API endpoints.

For more details you can read this article https://crashtestsecurity.com/cors-misconfiguration/

So now lets start

First while i explore site and let burp working i noticed request to /authenticate/current-user endpoint that retrive current user information request have origin header so i tried to change it and it work

so i go and create an account

Here u can see fake info for account and as poc here

Tip:

Always noitce origin header for request that retrive important information