Insecure CORS Configuration

Background concept of CORS.

Cross-origin resource sharing (CORS) is a mechanism that allows using resources from any other domain.So, CORS introduced to eliminate some restrictions imposed by the SOP which block requests from accessing data on a Web Application unless it comes from the same originIn simple words, Imaging the wants to access some data from another website, supposed This type of request wouldn’t be allowed under the browser’s SOP. However, by CORS request, add a few special response headers that allow to use its data

How to find CORS in your Target web application

1. Capture the request in Burp suit
2. Crawl your target web application
3. Now Search the “Access-Control-Allow-Origin" in the Response Header Using the Burp search
4. Now send that request in the Repeater
5. Add a Header in the request Body
Origin: Http://
6. If you will get 
      Access-Control-Allow-Origin:       Access-Control-Allow-Origin: *
7. Then your target site is Vulnerable to CORS  
8. If you will get  
     “Request Block”
Then it secures from CORS 

How to prevent CORS-based attacks:-

1. Proper configuration of cross-domain requests 2. Only allow trusted sites 3. Avoid whitelisting null
Author:  Chaman

Leave A Comment