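id: cors-misconfig

info:
  name: Basic CORS misconfiguration
  author: nadino,G4L1T0,convisoappsec,pdteam
  severity: info
  # Background on each misconfiguration class and how exploitable it is.
  reference: https://portswigger.net/web-security/cors
  tags: cors,generic

requests:
  - raw:
      # Baseline request with no Origin header. Only the wildcard matchers
      # below can fire on this response.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      # Reflection probe. A browser-serialized Origin is always
      # scheme://host[:port]; sending a well-formed value avoids a false
      # negative on servers that parse (rather than pattern-match) the
      # Origin before reflecting it. {{randstr}} is the same random value
      # that is substituted into the arbitrary-origin matcher below.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Origin: https://{{randstr}}.com

      # Null-origin probe. Sandboxed iframes and data: URLs send
      # "Origin: null", so a server that trusts it is exploitable.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Origin: null

      # - |
      #   GET / HTTP/1.1
      #   Host: {{Hostname}}
      #   Origin: {{randstr}}.{{Hostname}}
      #
      # - |
      #   GET / HTTP/1.1
      #   Host: {{Hostname}}
      #   Origin: {{Hostname}}{{randstr}}

    # TODO: the subdomain / suffix probes above stay disabled because
    # {{Hostname}} is currently not supported in matchers.

    # No req-condition is set, so each response is matched on its own;
    # a single matcher firing is enough for a finding.
    matchers-condition: or
    matchers:
      # Arbitrary origin reflected with credentials allowed: the classic,
      # directly exploitable case (cross-origin read of authenticated data).
      - type: dsl
        name: arbitrary-origin
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-origin: https://{{randstr}}.com')"
          - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
        condition: and

      # "null" allowed with credentials: exploitable from a sandboxed iframe.
      - type: dsl
        name: null-origin
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-origin: null')"
          - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
        condition: and

      # Wildcard plus credentials. Browsers refuse credentialed responses
      # whose ACAO is "*", so this is not a direct data-theft vector; it is
      # still reported because it shows the server validates no origin at all.
      - type: dsl
        name: wildcard-acac
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-origin: *')"
          - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
        condition: and

      # Wildcard without credentials: normally intentional for public
      # resources, so informational only. The substring check also matches
      # non-standard values such as "*.example.com".
      - type: dsl
        name: wildcard-no-acac
        dsl:
          - "contains(tolower(all_headers), 'access-control-allow-origin: *')"
          - "!contains(tolower(all_headers), 'access-control-allow-credentials: true')"
        condition: and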