Medium Severity | OWASP A01:2021
🟡 CORS Misconfiguration
🧠 Description
What is CORS?
Cross-Origin Resource Sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain. Misconfigured CORS can allow attackers to access sensitive data from trusted APIs.
A CORS misconfiguration can allow an attacker to:
- Steal sensitive data from APIs
- Perform actions on behalf of the user
- Access credentials/sessions
- Carry out cross-site data theft
🎯 Attack Surface
- ✅ API endpoints returning sensitive data
- ✅ Login/API endpoints
- ✅ User profile data
🔍 Detection
- Check Access-Control-Allow-Origin header
- Test with arbitrary Origin
- Check for null origin allowed
💣 Attack Payloads
Origin: http://evil.com (reflected)
Origin: null (allowed)
Access-Control-Allow-Credentials: true with wildcard origin
📝 Proof of Concept
// Attacker page (served from http://evil.com)
fetch('https://target.com/api/user', {
  method: 'GET',
  credentials: 'include'   // browser attaches the victim's cookies
})
  .then(r => r.text())
  .then(data => console.log(data)); // readable only if the CORS grant is valid
// If the server reflects the Origin and allows credentials, i.e. responds with:
//   Access-Control-Allow-Origin: http://evil.com
//   Access-Control-Allow-Credentials: true
// the attack succeeds and the data is stolen.
// Note: browsers reject a literal "*" combined with Allow-Credentials: true,
// so the wildcard form alone does not expose the response; a reflected
// origin does.
💥 Impact
Severity: MEDIUM
- Data theft
- Sensitive information exposure
🛡️ Mitigation
✅ Proper Origin validation: Compare the request's Origin against an explicit allowlist with an exact match; never reflect arbitrary origins or accept null
✅ Don't use wildcard: Never use * with credentials
✅ Secure headers: Return Access-Control-Allow-Origin only with an allowlisted value, not with whatever the request sent
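An allowlist check that implements the mitigation points above, shown beside the reflecting pattern the page warns against. This is an added example, not code from the original page; the allowed origins are assumed sample values.

```javascript
// Added example (not from the original page): allowlist-based CORS header
// builder versus the origin-reflecting pattern. Allowed origins are constructed.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Vulnerable pattern: reflect whatever Origin the browser sent and allow
// credentials. Any site, including the "null" origin, gets a credentialed read.
function reflectingCorsHeaders(origin) {
  if (origin === undefined) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened pattern: exact string match against the allowlist. No prefix or
// suffix matching (so "https://app.example.com.evil.test" and
// "https://evilapp.example.com" both fail), no "null", no "*" with credentials.
// "Vary: Origin" keeps shared caches from serving one origin's response to another.
function allowlistCorsHeaders(origin) {
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) {
    return { Vary: 'Origin' }; // no CORS grant: the browser blocks the cross-origin read
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Self-check with the Origin values a tester would send (constructed probes).
// Returns [origin, granted Access-Control-Allow-Origin or "(none)"] pairs.
function demo() {
  const probes = ['https://app.example.com', 'http://evil.com', 'null',
                  'https://app.example.com.evil.test', undefined];
  return probes.map(o =>
    [o, allowlistCorsHeaders(o)['Access-Control-Allow-Origin'] ?? '(none)']);
}
```

Only the first probe in demo() receives a grant; the reflecting builder would grant all four string probes, which is exactly the misconfiguration the detection checks above look for.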