From f120024c6b6d768a365cdcc7cf9d4a47f9c9d6b9 Mon Sep 17 00:00:00 2001 From: Emanuel Duss Date: Sun, 12 Apr 2020 14:55:05 +0200 Subject: [PATCH] Added CORS exploitation with strict trusted origin whitelist using XSS --- CORS Misconfiguration/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md index d224ea5..d7d9f95 100644 --- a/CORS Misconfiguration/README.md +++ b/CORS Misconfiguration/README.md @@ -117,6 +117,17 @@ origin in the request: "> ``` +### Vulnerable Example: XSS on Trusted Origin + +If the application does implement a strict whitelist of allowed origins, the +exploit codes from above do not work. But if you have an XSS on a trusted +origin, you can inject the exploit coded from above in order to exploit CORS +again. + +``` +https://trusted-origin.example.com/?xss= +``` + ## Bug Bounty reports * [CORS Misconfiguration on www.zomato.com - James Kettle (albinowax)](https://hackerone.com/reports/168574)
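Review bot: The fenced example in this hunk, `https://trusted-origin.example.com/?xss=`, stops right after the parameter name, so a reader cannot tell what the block is meant to illustrate; either put an explicit placeholder after the `=` (for example `<cors-exploit-code-from-above>`) or drop the URL and state it in prose ("the exploit code from above, injected through the XSS on the whitelisted origin"). Two wording fixes in the same hunk: "inject the exploit coded from above" should read "inject the exploit code from above", and "If the application does implement a strict whitelist" reads more naturally as "If the application implements a strict whitelist". Because this section changes the threat model for a strict whitelist (it is only as strong as the least secure origin on it), one sentence on the defensive consequence would round the section off: every whitelisted origin must be held to the same security standard as the application itself, and `Access-Control-Allow-Credentials: true` should be granted only to origins that actually need credentialed access.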