How To Test Cross Origin Resource Sharing Vulnerability (OTG-CLIENT-007)
Hello everyone,
This blog is all about the Cross Origin Resource Sharing (CORS) vulnerability. In my one year of research, I found various types of bypass that I would like to discuss.
I will keep this blog to the point without discussing the backend reasons, so that beginners can find it easy.
If a site returns an access control header in its responses, browse through all of its requests and capture them in Burp or any proxy you use.
Once all the directories show up under Burp -> Target -> Site map, it is a good time to test!
Most people test only one endpoint, but each directory can set the access control header in its own way. So, test it on every directory. For example:
-dir1
  -sub_dir1
  -sub_dir2
-dir2
  -sub_dir1
  -sub_dir2
Here you need to test on dir1 and dir2.
How To Test
First, put a random string in the Origin header of the request and look at the response.
POST/GET /page/etc
Host: example.com
......
origin: areyouvulnerable
......
Most probably you will get an error, or the same response as before without the access control header. If the access control header in the response reflects areyouvulnerable, then congrats :)
Now check for bypasses:
================================================================
1- Add some characters before the working origin
POST/GET /page/etc
Host: example.com
......
origin: areyouvulnerableexample.com
......
================================================================
2- Add some characters after the working origin
POST/GET /page/etc
Host: example.com
......
origin: example.comareyouvulnerable
......
================================================================
3- Again add some characters after the working origin, this time separated by a dot.
POST/GET /page/etc
Host: example.com
......
origin: example.com.areyouvulnerable
......
================================================================
4- Add % at the end of the Origin header.
POST/GET /page/etc
Host: example.com
......
origin: example.com%
......
AND
POST/GET /page/etc
Host: example.com
......
origin: example.com.%
......
If the access control header in the response reflects your origin in any of the above four cases, then congrats.
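Why values like these can get through: an added example, not part of the original post, that goes beyond it by running the post's test values against typical weak origin checks (suffix, prefix and substring matching, constructed here) and against an exact-match allow-list. The https:// scheme, the function names and the allow-list are assumptions.

```python
# Added example: origin checks that the page's test values defeat,
# next to an exact-match allow-list. All names here are illustrative.

TRUSTED_HOST = "example.com"                # the page's working origin host
ALLOWED_ORIGINS = {"https://example.com"}   # assumed allow-list (scheme added)

# Test values from the page, with an https:// scheme added (assumption).
PAGE_CASES = [
    "https://areyouvulnerable",              # random value
    "https://areyouvulnerableexample.com",   # case 1: characters before
    "https://example.comareyouvulnerable",   # case 2: characters after
    "https://example.com.areyouvulnerable",  # case 3: dot + characters after
    "https://example.com%",                  # case 4: trailing %
    "https://example.com.%",                 # case 4: trailing .%
]

def weak_suffix(origin):
    """Accepts anything that ends with the trusted host."""
    return origin.endswith(TRUSTED_HOST)

def weak_prefix(origin):
    """Accepts anything that starts with the trusted origin."""
    return origin.startswith("https://" + TRUSTED_HOST)

def weak_substring(origin):
    """Accepts anything that contains the trusted host."""
    return TRUSTED_HOST in origin

def strict_allowlist(origin):
    """Accepts only an exact match against the allow-list."""
    return origin in ALLOWED_ORIGINS

def cors_headers(origin, check):
    """Headers a server using `check` would add for this Origin value."""
    if origin and check(origin):
        # Vary: Origin keeps caches from serving one origin's response to another.
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}  # no access control header: the browser blocks the cross-origin read

def accepted(check):
    """Page test values that `check` would reflect back."""
    return [o for o in PAGE_CASES if cors_headers(o, check)]

if __name__ == "__main__":
    for check in (weak_suffix, weak_prefix, weak_substring, strict_allowlist):
        print(f"{check.__name__:17} reflects {accepted(check)}")
```

Only the exact-match check rejects every test value while still accepting https://example.com.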
Note:
Sometimes the CORS vulnerability is present because the output response is not sensitive.
Conclusion
Test for the CORS vulnerability on every directory with the above four cases. Also, make sure the output response is sensitive.
If you need PoC code for any of the above cases, you can reach me on Facebook or Twitter.