CORS Misconfigurations

Description

During the scan, Kayran managed to find CORS Misconfigurations.
Cross-Origin Resource Sharing (CORS) is a mechanism by which a website tells web browsers which exceptions to make to the Same-Origin Policy, enabling controlled cross-domain communication between different websites.

An attacker might exploit a misconfigured CORS policy to read sensitive data belonging to users, or even to hijack their session.

Severity/Score

Average Score – 6.1 Medium

Recommendation

Use the Access-Control-Allow-Origin header to restrict which origins (scheme, host and port) may make cross-origin requests to the web server.
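The following is an added example, not Kayran's code, showing the misconfigured patterns the finding describes beside a corrected allow-list handler, plus an audit helper that classifies a response the way a scanner would. The allow-list entries and the untrusted origin `https://untrusted.test` are constructed placeholders.

```python
"""CORS origin handling: two common misconfigurations beside an exact-match
allow-list, and an audit helper for the response headers.
Added example; the origins below are constructed placeholders."""

# Constructed allow-list: origins trusted to make credentialed cross-origin
# requests. Scheme, host and port are all part of the match.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def insecure_cors_headers(origin):
    """Misconfiguration 1: reflects whatever Origin the request carried and
    still allows credentials, so any site can read authenticated responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def naive_suffix_cors_headers(origin):
    """Misconfiguration 2: a substring check on the trusted domain. It also
    accepts e.g. https://app.example.com.untrusted.test."""
    if origin and "example.com" in origin:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def secure_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Corrected handler: exact-match allow-list. Returns the CORS headers to
    add, or an empty dict when the origin is not trusted (the browser then
    refuses to expose the response to the calling page). The literal origin
    "null" is never allow-listed, so sandboxed and file: contexts are rejected."""
    if origin is None or origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        # Tell caches the response differs per Origin.
        "Vary": "Origin",
    }


def classify_cors_response(probe_origin, headers, trusted=ALLOWED_ORIGINS):
    """Audit helper: given the Origin a probe request carried and the response
    headers that came back, describe the CORS weakness, or None if sound."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return None
    if acao == "*":
        return "wildcard origin" + (" with credentials" if creds else "")
    if acao == probe_origin and probe_origin not in trusted:
        return "untrusted origin reflected" + (" with credentials" if creds else "")
    return None


if __name__ == "__main__":
    probe = "https://untrusted.test"
    for name, handler in (("insecure", insecure_cors_headers),
                          ("suffix", naive_suffix_cors_headers),
                          ("secure", secure_cors_headers)):
        finding = classify_cors_response(probe, handler(probe))
        print(f"{name:9s} -> {finding}")
```

The audit helper is the check a reviewer wants after applying the recommendation: send a request whose Origin is not on the allow-list and confirm that the response either omits Access-Control-Allow-Origin or names only a trusted origin; a reflected untrusted origin combined with Access-Control-Allow-Credentials: true is the condition that lets another site read a user's authenticated responses.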

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

https://cwe.mitre.org/data/definitions/16

https://cwe.mitre.org/data/definitions/346
