Research on CORS Misconfiguration - Cyber Sapiens Internship Task-12

What is CORS?

  1. The user loads a page from “x.com”.
  2. While loading the initial page from “x.com”, a request is made to “y.com”. This request is known as a cross-origin request, so the browser will first perform a pre-flight request.
  3. If the pre-flight request is successful, “y.com” sends the:

What is a CORS Misconfiguration?

Types of CORS Attacks

  1. Cross-origin redirects.
  2. Requests from serialized data.
  3. Requests using the file: protocol.
  4. Sandboxed cross-origin requests.

Preventing CORS Misconfiguration

  1. Proper configuration of cross-origin requests
  2. Only allow trusted sites
  3. Avoid whitelisting null
  4. Avoid wildcards in internal networks
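Added example, not code from the original article: a server-side Origin check in Python that applies the prevention points above (exact allowlist match, no "null", no wildcard alongside credentials), shown next to the reflecting misconfiguration it replaces. The allowlist and origins are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed allowlist of trusted origins: scheme + host, matched exactly.
TRUSTED_ORIGINS = {"https://x.com", "https://app.x.com"}


def weak_cors_headers(origin):
    """Misconfigured 'before': reflects any Origin and allows credentials,
    so every site can read authenticated responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def safe_cors_headers(origin, allowlist=TRUSTED_ORIGINS):
    """Hardened version: exact allowlist match, 'null' refused, no '*'
    with credentials, and Vary: Origin so caches keep origins apart."""
    if not origin or origin == "null":          # avoid whitelisting null
        return {}
    parts = urlsplit(origin)
    # An Origin header is scheme://host[:port] only; anything with a path
    # or a non-https scheme is not something we should ever allow.
    if parts.scheme != "https" or not parts.netloc or parts.path:
        return {}
    # Whole-string comparison: "https://x.com.evil.example" or
    # "https://evilx.com" never match a substring/prefix check here.
    if origin not in allowlist:                 # only allow trusted sites
        return {}
    return {
        "Access-Control-Allow-Origin": origin,  # never "*" with credentials
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def allowlist_problems(allowlist):
    """Static check of the allowlist itself: flags the wildcard and 'null'
    entries the article warns against, plus non-https entries."""
    problems = []
    for entry in sorted(allowlist):
        if entry == "*":
            problems.append("wildcard '*' allows every origin")
        elif entry == "null":
            problems.append("'null' matches sandboxed iframes and file: pages")
        elif not entry.startswith("https://"):
            problems.append(f"{entry}: not an https origin")
    return problems
```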


I am an India-based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community
