Posts

Showing posts from June, 2018

How To Test Cross Origin Resource Sharing Vulnerability (OTG-CLIENT-007)

Hello Everyone, This blog is all about Cross Origin Resource Sharing (CORS) Vulnerability. In my one year of research, I found various type of bypass, that I would like to discuss. I will keep this blog to the point without discussing backend reason, so that beginner can find it an easy one. If a site is allowing access control header at the output response then play with all the request and capture it on burp or any proxy you use. After getting all directory on burp -> target -> sitemap, then this is a good time to test !! Most of the people just test it on one point, but each directory has its own way to set access control header. So, test it on every directory. For example -dir1        -sub_dir1        -sub_dir2 -dir2        -sub_dir1        -sub_dir2 Here you need to test on dir1 and dir2. How To Test First, put any random character at origin header at the input and see the output response. POST/GET  /page/etc Host: example.com ...... origin: areyo

How To Test Cross Origin Resource Sharing Vulnerability (OTG-CLIENT-007)

Hello Everyone, This blog is all about Cross Origin Resource Sharing (CORS) Vulnerability. In my one year of research, I found various type of bypass, that I would like to discuss. I will keep this blog to the point without discussing backend reason, so that beginner can find it an easy one. If a site is allowing access control header at the output response then play with all the request and capture it on burp or any proxy you use. After getting all directory on burp -> target -> sitemap, then this is a good time to test !! Most of the people just test it on one point, but each directory has its own way to set access control header. So, test it on every directory. For example -dir1        -sub_dir1        -sub_dir2 -dir2        -sub_dir1        -sub_dir2 Here you need to test on dir1 and dir2. How To Test First, put any random character at origin header at the input and see the output response. POST/GET  /page/etc Host: example.com ...... origin: areyo