Wildcard Origin

Description

Cross-Origin Resource Sharing (CORS) is a mechanism that enables web browsers to perform cross-domain requests, for example through the XMLHttpRequest API.
These cross-origin requests carry an Origin header that identifies the domain which sent the request.
CORS defines the protocol used between a web browser and a server to determine whether a cross-origin request is allowed.

Business Impact

This vulnerability creates the potential for cross-domain attacks when a website's CORS policy is misconfigured or poorly implemented, for example by accepting a wildcard or any reflected Origin.

Recommendation

To prevent this vulnerability, make sure that the server keeps a whitelist of trusted origins, compares the Origin header of each request against it, and only confirms (echoes back in Access-Control-Allow-Origin) origins that appear on that list.
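The following Node.js snippet is an added example, not code from the original page, that shows the protocol described above and the whitelist recommendation side by side: the weak handler reflects whatever Origin the browser sent, while the hardened handler answers only for origins on a fixed allowlist. The hostnames in the allowlist and the helper names (reflectAnyOrigin, corsHeadersFor, applyCors) are assumptions made for the illustration.

```javascript
// Added example (not from the original page). The origins below are
// constructed for illustration only.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak pattern: echo back whatever Origin the browser sent. Together with
// Access-Control-Allow-Credentials: true this lets any site read
// authenticated responses from this server. Shown only for contrast.
function reflectAnyOrigin(origin) {
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact-match the Origin against the allowlist.
// Returns null when the header is missing, is the literal "null", or is
// unknown; in that case no CORS headers are emitted and the browser
// refuses the cross-origin read. Exact matching (not startsWith or a
// loose regex) is what stops "https://app.example.com.evil.test" from
// passing as "https://app.example.com".
function corsHeadersFor(origin, allowlist = ALLOWED_ORIGINS) {
  if (typeof origin !== "string" || !allowlist.has(origin)) {
    return null;
  }
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // Tell caches that the response depends on Origin, so headers
    // computed for one origin are never served to another.
    "Vary": "Origin",
  };
}

// Glue for a Node http(s) request/response pair. Returns true when CORS
// headers were set, false when the origin was rejected. For a preflight
// (OPTIONS) request the allowed methods and headers are added as well.
function applyCors(req, res, allowlist = ALLOWED_ORIGINS) {
  const headers = corsHeadersFor(req.headers.origin, allowlist);
  if (headers === null) {
    return false;
  }
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  if (req.method === "OPTIONS") {
    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
    res.setHeader("Access-Control-Max-Age", "600");
  }
  return true;
}

module.exports = { ALLOWED_ORIGINS, reflectAnyOrigin, corsHeadersFor, applyCors };
```

In a real server, call applyCors(req, res) before writing the response body; when it returns false, simply continue without CORS headers rather than sending an error, since the browser enforces the block on its side.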

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
