Insecure CORS Configuration

Background concept of CORS.

Cross-origin resource sharing (CORS) is a mechanism that allows using resources from any other domain. So, CORS introduced to eliminate some restrictions imposed by the SOP which block requests from accessing data on a Web Application unless it comes from the same origin. In simple words, Imaging the wants to access some data from another website, supposed This type of request wouldn’t be allowed under the browser’s SOP. However, by CORS request, add a few special response headers that allow to use its data.

How to find CORS in your Target web application

1. Capture the request in Burp suit

Insecure CORS Configuration - Securium Solutions

2. Crawl your target web application

Insecure CORS Configuration 1 - Securium Solutions

3. Now Search the “Access-Control-Allow-Origin" in the Response Header Using the Burp search

Insecure CORS Configuration 2 - Securium Solutions

4. Now send that request in the Repeater

Insecure CORS Configuration 3 - Securium Solutions

5. Add a Header in the request Body
Origin: Http://

Insecure CORS Configuration 4 - Securium Solutions

6. If you will get 


Access-Control-Allow-Origin: *

7. Then your target site is Vulnerable to CORS
8. If you will get  

“Request Block”

Then it secures from CORS 

How to prevent CORS-based attacks:-

1. Proper configuration of cross-domain requests

2. Only allow trusted sites

3. Avoid whitelisting null



Table of Contents

Social Media