Added CORS exploitation with strict trusted origin whitelist using XSS

This commit is contained in:
Emanuel Duss 2020-04-12 14:55:05 +02:00
parent 48fcdeb7ca
commit f120024c6b

View File

@ -117,6 +117,17 @@ origin in the request:
</script>"></iframe>
```
### Vulnerable Example: XSS on Trusted Origin
If the application does implement a strict whitelist of allowed origins, the
exploit codes from above do not work. But if you have an XSS on a trusted
origin, you can inject the exploit coded from above in order to exploit CORS
again.
```
https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
```
## Bug Bounty reports
* [CORS Misconfiguration on www.zomato.com - James Kettle (albinowax)](https://hackerone.com/reports/168574)