CORS Vulnerability with Basic Origin Reflection | 2023
Feb. 7, 2023, 3:11 a.m. | Karthikeyan Nagaraj
InfoSec Write-ups - Medium infosecwriteups.com
Portswigger’s Cross-Origin Resource Sharing Lab Simple Solution | Karthikeyan Nagaraj
Lab Description:
- This website has an insecure CORS configuration in that it trusts all origins.
- To solve the lab, craft some JavaScript that uses CORS to retrieve the administrator’s API key and upload the code to your exploit server.
- The lab is solved when you successfully submit the administrator’s API key.
- You can log in to your own account using the following credentials: wiener:peter
Analysis:
- Turn your proxy On and …