Description

CORS OriginHeaderScrutiny by OWASP

Cross-origin resource sharing by Wikipedia

Cross-origin resource sharing by PortSwigger
Cross-origin resource sharing: arbitrary origin trusted by PortSwigger
Cross-origin resource sharing: unencrypted origin trusted by PortSwigger
Cross-origin resource sharing: all subdomains trusted by PortSwigger

Articles

Exploiting CORS Misconfigurations for Bitcoins and Bounties by PortSwigger
Exploiting Misconfigured CORS by Geekboy
Critical Issue Opened Private Chats of Facebook Messenger Users by Cynet

Tools

testcors by me


Published on January 01, 1970