daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add new payload for CORS

patch-1
nodauf 2023-01-30 15:21:39 +01:00 committed by GitHub
parent aed9c7f85d
commit 6a50f45f96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vulnerabilities/generic/cors-misconfig.yaml
View File

@ -2,7 +2,7 @@ id: cors-misconfig
info:
name: CORS Misconfiguration
author: nadino,g4l1t0,convisoappsec,pdteam,breno_css
author: nadino,g4l1t0,convisoappsec,pdteam,breno_css,nodauf
severity: info
reference:
- https://portswigger.net/web-security/cors
@ -28,6 +28,9 @@ requests:
- "null" # null origin
- "https://{{tolower(rand_base(5))}}.{{RDN}}" # Arbitrary subdomain
- "http://{{tolower(rand_base(5))}}.{{RDN}}" # Arbitrary subdomain over http
- "https://{{replace(FQDN,'.','a')}}" # Replace . by a random character to abuse if regex is used
- "http://{{replace(FQDN,'.','a')}}" # Replace . by a random character to abuse if regex is used
stop-at-first-match: true
matchers: