ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Swissky 2020-10-25 14:01:53 +01:00 committed by GitHub
parent 91fc542c81
commit 9992990e40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CORS Misconfiguration/README.md
View File

@ -14,6 +14,11 @@
* [Corsy - CORS Misconfiguration Scanner](https://github.com/s0md3v/Corsy/) * [Corsy - CORS Misconfiguration Scanner](https://github.com/s0md3v/Corsy/)
* [PostMessage POC Builder - @honoki](https://tools.honoki.net/postmessage.html) * [PostMessage POC Builder - @honoki](https://tools.honoki.net/postmessage.html)
## Prerequisites
* BURP HEADER> `Origin: https://evil.com`
* VICTIM HEADER> `Access-Control-Allow-Credential: true`
* VICTIM HEADER> `Access-Control-Allow-Origin: https://evil.com` OR `Access-Control-Allow-Origin: null`
## Exploitation ## Exploitation