References for CORS
Last updated 2 months ago
Blogs / Articles:
https://root4loot.com/post/abusing_cors_origin/
https://www.corben.io/advanced-cors-techniques/
https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397
https://ejj.io/misconfigured-cors/index.html
https://www.bedefended.com/papers/cors-security-guide
https://medium.com/statuscode/cors-a-guided-tour-4e72230a8739
https://www.yassineaboukir.com/blog/cors-exploitation-data-exfiltration-when-allowed-origin-is-set-to-null/
https://medium.com/@armaanpathan/stealing-user-details-by-exploiting-cors-c5ee86ebe7fb
https://notmarshmllow.medium.com/exploiting-cors-to-perform-an-idor-attack-leading-to-pii-information-disclosure-95ef21ecf8ee
Tools:
https://github.com/s0md3v/Corsy
https://tools.honoki.net/cors.html
https://github.com/Outpost24/outpost24-cors-check?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-252-perfecting-ransomware-on-aws-kubernetes-native-threat-detection-mitre-caldera-bounty-hunter