Exploiting trust - Weaponizing permissive CORS configurations

Research

Exploiting CORS can be tricky in modern web apps, but there are still critical cases out there if you know what to look for. If you want to learn more about CORS exploitation, the research is available above.

As a result of this research, we also managed to contribute several additional bypasses for PortSwigger Research’s URL validation cheat sheet. Shout-out to Zakhar Fedotkin for their speedy responses in getting those added!

This post is licensed under CC BY 4.0 by the author.