all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CORS Vulnerability with Basic Origin Reflection | 2023

Add to bookmarks
Feb. 7, 2023, 3:11 a.m. | Karthikeyan Nagaraj

InfoSec Write-ups - Medium infosecwriteups.com

Portswigger’s Cross-Origin Resource Sharing Lab Simple Solution | Karthikeyan Nagaraj

Lab Description:

  • This website has an insecure CORS configuration in that it trusts all origins.
  • To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to your exploit server.
  • The lab is solved when you successfully submit the administrator’s API key.
  • You can log in to your own account using the following credentials: wiener:peter

Analysis:

  1. Turn your proxy On and …

basic bug bounty cors hacking origin portswigger vulnerability

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 1 day, 17 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 1 day, 17 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 1 day, 17 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 1 day, 17 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 1 day, 17 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 1 day, 17 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 1 day, 17 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 1 day, 17 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 1 day, 17 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs