Jan. 19, 2023, 4:44 p.m. | Christian Paez

DEV Community dev.to

In this apprentice-level lab, we will exploit a website with a CORS vulnerability that trusts the "null" origin to obtain a user's private credentials.


Upon logging in with the given credentials, we visit the account details page and check the response headers of the request to /accountDetails that fetches the user's API key:



HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 149

{
  "username": "wiener",
  "email": "",
  "apikey": "JQ7ufLKKzNoI4ahWKAKWBG5eP64wgwJW",
  "sessions": [
    "cdmflpOO6psYIp3novWUytbSDM9i68X1"
  ]
}



We can see …
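Added example, not part of the original writeup: the server-side decision behind these CORS headers, showing a policy that trusts the "null" origin beside an exact-match allowlist, plus a check that flags the risky header pair in a captured response. The function names and the allowlisted origin are assumptions made for illustration.

```javascript
// Constructed allowlist value, for illustration only.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Weak policy (hypothetical): treats the literal Origin value "null" as trusted.
// "null" is not one site; many unrelated browsing contexts serialize to it,
// so granting it credentialed access grants it to all of them.
function corsHeadersWeak(origin) {
  const headers = {};
  if (origin === "null" || ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Hardened policy (hypothetical): exact-match allowlist only, "null" never trusted.
// Vary: Origin keeps caches from serving one origin's response to another.
function corsHeadersHardened(origin) {
  const headers = { Vary: "Origin" };
  if (typeof origin === "string" && origin !== "null" && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Audit check: does a response grant credentialed reads to the "null" origin?
// Header names are case-insensitive; the credentials value must be exactly "true".
function trustsNullOrigin(responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  return h["access-control-allow-origin"] === "null" &&
         (h["access-control-allow-credentials"] || "") === "true";
}

// The weak policy is flagged, the hardened one is not.
console.log(trustsNullOrigin(corsHeadersWeak("null")));     // true
console.log(trustsNullOrigin(corsHeadersHardened("null"))); // false
```

Access-Control-Allow-Credentials: true on its own, as in the response above, is not enough to decide; the check needs the Access-Control-Allow-Origin value the server returns when the request carries an Origin header.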
