Hello Everyone,
My name is Shlok and this is my first write-up.
Hello guys, I came to Mumbai; I didn’t get to meet Faizu bhai, but I did find a vulnerability, so let’s talk about it.
Cross-Origin Resource Sharing (CORS) is an HTTP-header-based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading of resources.
If the site allows a third-party origin and also specifies the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. This bug could be used to steal users’ information or force the user to execute unwanted actions, as long as a legitimate, logged-in user is lured into visiting an attacker-controlled HTML page.
Step 1:- First, I intercepted the request (Burp Suite) to the site, let’s say example.com, sent the request to Repeater, and checked the response, which was 200.
Step 2:- Then I used the Origin header to check whether it is vulnerable to CORS, then KABOOM!! The website we used in the Origin header is allowed by the site with the Access-Control-Allow-Origin header.
Step 3:- I created a small web page for getting the response. Attackers would trick many victims into visiting the attacker’s website; if the victim is logged in, then their personal information is recorded on the attacker’s server. Attackers can perform any action in the user’s account, bypassing CSRF tokens.
Step 4:- Last step: the attacker gains access to the victim’s account and performs many unauthorized actions.
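As an added example (not code from this write-up or from the affected site), the following contrasts the origin-reflecting behaviour observed in Step 2 with an exact-match allowlist, and includes an audit helper that classifies a response given the Origin that was sent. The origins, the allowlist and all function names are constructed for illustration.

```javascript
// Constructed allowlist: the only origins this hypothetical API trusts.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Misconfigured pattern from Step 2: echo back whatever Origin was sent
// and allow credentials, so every origin is effectively trusted.
function reflectingCors(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact string match against the allowlist.
// No regex, prefix or suffix tests, which look-alike hostnames can satisfy.
function allowlistCors(origin) {
  // Vary: Origin keeps shared caches from reusing one origin's answer for another.
  const headers = { Vary: "Origin" };
  if (typeof origin === "string" && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Audit helper: classify the response to a request that carried sentOrigin.
// "origin-trusted-with-credentials" is a finding when sentOrigin is an origin
// the site has no reason to trust.
function auditCors(sentOrigin, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) {
    h[k.toLowerCase()] = String(v).trim();
  }
  const acao = h["access-control-allow-origin"];
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (!acao) return "no-cors-grant";
  if (acao === "null" && creds) return "null-origin-with-credentials";
  if (acao === sentOrigin && creds) return "origin-trusted-with-credentials";
  if (acao === "*") return "wildcard-no-credentials";
  return "other";
}
```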
For better understanding, I am providing some HackerOne reports.
Thanks for reading this.