mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 10:56:10 +00:00
fix typo
This commit is contained in:
parent
bf73393921
commit
c2b8018617
@ -131,7 +131,7 @@ https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
|
||||
### Vulnerable Example: Wildcard Origin `*` without Credentials
|
||||
|
||||
If the server responds with a wildcard origin `*`, the browser does never send
|
||||
the cookies. Howver, if the server does not require authentication, it's still
|
||||
the cookies. However, if the server does not require authentication, it's still
|
||||
possible to access the data on the server. This can happen on internal servers
|
||||
that are not accessible from the Internet. The attacker's website can then
|
||||
pivot into the internal network and access the server's data withotu
|
||||
|
Loading…
Reference in New Issue
Block a user