
# Cross Origin Resource Sharing (CORS)

**Blogs / Articles:**

* <https://root4loot.com/post/abusing_cors_origin/>
* <https://www.corben.io/advanced-cors-techniques/>
* <https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397>
* <https://ejj.io/misconfigured-cors/index.html>
* <https://www.bedefended.com/papers/cors-security-guide>
* <https://medium.com/statuscode/cors-a-guided-tour-4e72230a8739>
* <https://www.yassineaboukir.com/blog/cors-exploitation-data-exfiltration-when-allowed-origin-is-set-to-null/>
* [https://medium.com/@armaanpathan/stealing-user-details-by-exploiting-cors-c5ee86ebe7fb](https://t.co/XGhViaGuKj?amp=1)
* <https://notmarshmllow.medium.com/exploiting-cors-to-perform-an-idor-attack-leading-to-pii-information-disclosure-95ef21ecf8ee>

**Tools:**

* <https://github.com/s0md3v/Corsy>
* <https://tools.honoki.net/cors.html>


* <https://github.com/Outpost24/outpost24-cors-check?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-252-perfecting-ransomware-on-aws-kubernetes-native-threat-detection-mitre-caldera-bounty-hunter>
