References for CORS
Blogs / Articles:
https://root4loot.com/post/abusing_cors_origin/
https://www.corben.io/advanced-cors-techniques/
https://medium.com/bugbountywriteup/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397
https://ejj.io/misconfigured-cors/index.html
https://www.bedefended.com/papers/cors-security-guide
https://medium.com/statuscode/cors-a-guided-tour-4e72230a8739
https://www.yassineaboukir.com/blog/cors-exploitation-data-exfiltration-when-allowed-origin-is-set-to-null/
https://medium.com/@armaanpathan/stealing-user-details-by-exploiting-cors-c5ee86ebe7fb
https://notmarshmllow.medium.com/exploiting-cors-to-perform-an-idor-attack-leading-to-pii-information-disclosure-95ef21ecf8ee
Tools:
https://github.com/s0md3v/Corsy
https://tools.honoki.net/cors.html
https://github.com/Outpost24/outpost24-cors-check?utm_source=tldrsec.com&utm_medium=referral&utm_campaign=tl-dr-sec-252-perfecting-ransomware-on-aws-kubernetes-native-threat-detection-mitre-caldera-bounty-hunter