💻
OSWE Everything
💻
OSWE Everything
  • VULNERABILITIES
    • Type Juggling
    • Cross Site Scripting
      • Hunting for files
    • Insecure Deserialization
      • .NET
    • SQL Injection
      • Blind SQL Injection
      • SQLi debugging
      • Code review
      • Errors and additional information
      • Approaches to leverage different databases
    • XML External Entity (XXE)
      • Types of XML Entities
      • Exploitation
      • Wrappers for errors
      • Post Exploitation
    • OS Command Injection
      • Exploitation
    • Server Side Template Injection
      • Exploitation
    • Authentication Bypass
      • Checklist
  • Unsecure Random Function
    • Exploitation
  • Cross Origin Resource Sharing (CORS)
    • Prerequisites of Exploitation
  • Client Side Request Forgery (CSRF)
    • Prerequisites of Exploitation
  • Exploit Writing
    • Cheatsheet
    • Skeleton Scripts
  • Code review
    • Manual code review
      • Routing
      • Searching for exploits
      • Debugging
    • Decompilation
      • Java
      • .NET
    • Managing the application
      • Identifying application file location
      • Restarting web applications
      • Manipulation of Assembly Attributes for Debugging (.NET)
  • Preparation Machines
    • [HTB] Vault
    • Other HTB scripts
  • ADDITIONAL INFORMATION
    • Sources
  • External Resources
    • WhiteBox Pentest
Powered by GitBook
On this page
  • Prerequisites
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Credentials
  1. Cross Origin Resource Sharing (CORS)

Prerequisites of Exploitation

It is important to know that sometimes due to Same Origin Policy (SOP) you can trigger actions but it restrict the web page from sharing its content.

Prerequisites

Required headers:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: (Method type that we want to use)
Access-Control-Allow-Credentials: true

Access-Control-Allow-Origin

Works in some cases where application is misconfigured

Instead of Access-Control-Allow-Origin: * you can use header:

Origin: http://evil.com

In order to specify your origin.

Access-Control-Allow-Methods

Sometimes you are not able to use type of request that performs important actions. In this case try triggering the endpoint with other type of request and see what happens.

Access-Control-Allow-Credentials

This header allows you to send requests as authenticated user. Without this you cannot reach functionalities as logged in user.

PreviousCross Origin Resource Sharing (CORS)NextClient Side Request Forgery (CSRF)

Last updated 1 month ago