CORS Vulnerability

3 years ago

PROTON SHLOK

Hello Everyone,

My Name is Shlok and this is my First Write-up,

Hello guys, I had come to Mumbai; I did not get to meet Faizu bhai, but I did find a vulnerability. So let’s talk about it.

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that lets a server indicate which origins (domain, scheme, or port) other than its own a browser should permit to load its resources.

If the site also sends the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. This bug could be used to steal users’ information or force the user to execute unwanted actions, as long as a legitimate, logged-in user is lured into visiting an attacker-controlled HTML page.

Step 1: First I intercept a request to the site (let’s say example.com) in Burp Suite, send it to Repeater, and check the response, which is 200.

Step 2: Then I add an Origin header to check whether it is vulnerable to CORS misconfiguration, and KABOOM!! The website we put in the Origin header is reflected back by the site in the Access-Control-Allow-Origin header.
</gram_replace>

<gr_replace lines="23" cat="clarify" orig="facebook.com is">
facebook.com is allowed by the site (example.com).

facebook.com is allowed by the site(example.com)

Step 3: I created a small web page for capturing the response. An attacker would trick many victims into visiting the attacker’s website; if a victim is logged in, their personal information is recorded on the attacker’s server. The attacker can then perform any action in the user’s account, bypassing CSRF tokens.

Getting the victim’s info just by having them visit the attacker’s website.

Step 4: In the last step, the attacker has gained access to the victim’s account and can perform many unauthorized actions.
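To make the definition above and the four steps concrete from the defender’s side, here is an added example that is not part of the original write-up or of the target site: a function that reproduces the misconfiguration (reflecting whatever Origin arrives, together with credentials), the hardened version built on an exact-match allowlist, and a Step-2 style audit check that decides from a response’s headers whether an untrusted origin could read an authenticated response. All function names and the allowlist entries are hypothetical; example.com and facebook.com are taken from the write-up.

```python
"""
Added example, not code from the original write-up.
Shows the CORS misconfiguration described above, a hardened server-side
policy, and an audit check for responses. Names and allowlist are hypothetical.
"""
from urllib.parse import urlsplit

# Hypothetical allowlist of trusted origins for example.com. Entries are full
# scheme://host[:port] strings and are compared for exact equality, never as
# substrings or prefixes (which is how "evil.example.com.attacker.test" slips in).
TRUSTED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def normalize_origin(origin):
    """Return scheme://host[:port] in lowercase, or None if the value is not a
    well-formed Origin (an Origin never carries a path, query, or userinfo)."""
    if not origin:
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def cors_headers_insecure(request_origin):
    """The misconfiguration from the write-up: the server echoes whatever Origin
    the browser sent and also allows credentials. Any site the victim visits can
    then read the authenticated response with their cookies attached."""
    if not request_origin:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_hardened(request_origin, allowlist=TRUSTED_ORIGINS):
    """Allow credentialed cross-origin reads only for an exact allowlist match.
    Unknown origins get no CORS headers at all, so the browser blocks the read."""
    origin = normalize_origin(request_origin)
    if origin is None or origin not in allowlist:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        # Responses now differ per Origin; tell caches so one origin's headers
        # are never served from cache to a request from another origin.
        "Vary": "Origin",
    }


def is_misconfigured(response_headers, probe_origin):
    """Step-2 style audit on a site you are authorised to test: given the headers
    the site returned to a request that carried `probe_origin`, report whether
    that untrusted origin could read an authenticated response.

    Browsers refuse to expose credentialed responses when the allowed origin is
    the wildcard "*", so only an exact reflection plus credentials counts."""
    lower = {k.lower(): v for k, v in response_headers.items()}
    allowed_origin = lower.get("access-control-allow-origin", "")
    credentials = lower.get("access-control-allow-credentials", "").lower() == "true"
    return credentials and allowed_origin == probe_origin


if __name__ == "__main__":
    # Constructed probe: the foreign origin the write-up used in its Origin header.
    probe = "https://facebook.com"
    print("insecure policy readable by probe:",
          is_misconfigured(cors_headers_insecure(probe), probe))   # True
    print("hardened policy readable by probe:",
          is_misconfigured(cors_headers_hardened(probe), probe))   # False
    print("hardened policy for trusted origin:",
          cors_headers_hardened("https://app.example.com"))
```

The hardened policy deliberately answers with no CORS headers at all for an unknown origin rather than a fixed default origin; the browser then enforces the same-origin policy and the cross-site page cannot read the body. The audit function mirrors what Step 2 does in Repeater, but as a repeatable check that can be run against responses recorded during an authorised test or against the application’s own middleware in a unit test.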

For a better understanding, I am providing some HackerOne reports.

Thanks for reading this.

If you like it, clap for it.
