Exploiting trust - Weaponizing permissive CORS configurations

Posted Oct 1, 2024

By Thomas Stacey 1 min read

Exploiting CORS can be a tricky in modern web apps, but there are still critical cases out there if you know what to look for. If you want to learn more about CORS exploitation, the research is available above.

As a result of this research, we also managed to contribute several additional bypasses for PortSwigger Research’s URL validation cheat sheet. Shout-out to Zakhar Fedotkin for their speedy responses in getting those added!

Research

outpost24 exploit development

This post is licensed under CC BY 4.0 by the author.

Trending Tags