From dde7140ff9a845d731daa6509d2ecffb55c87394 Mon Sep 17 00:00:00 2001
From: sandeep <sandeep@projectdiscovery.io>
Date: Sat, 11 Sep 2021 23:46:31 +0530
Subject: [PATCH] misc update

---
 vulnerabilities/generic/cors-misconfig.yaml | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/vulnerabilities/generic/cors-misconfig.yaml b/vulnerabilities/generic/cors-misconfig.yaml
index 8e814fade3..a476df65b4 100644
--- a/vulnerabilities/generic/cors-misconfig.yaml
+++ b/vulnerabilities/generic/cors-misconfig.yaml
@@ -16,31 +16,28 @@ requests:
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
-        Origin: {{randstr}}.com
+        Origin: {{randstr}}.tld
 
       - |
         GET / HTTP/1.1
         Host: {{Hostname}}
         Origin: null
 
-#      - |
-#        GET / HTTP/1.1
-#        Host: {{Hostname}}
+#  TODO's for future as currently {{Hostname}} is not supported in matchers
 #        Origin: {{randstr}}.{{Hostname}}
-#
-#      - |
-#        GET / HTTP/1.1
-#        Host: {{Hostname}}
-#        Origin: {{Hostname}}{{randstr}}
-
-# TO DO for future as currently {{Hostname}} is not supported in matchers
+#        Origin: {{Hostname}}.{{randstr}}.tld
+#        Origin: {{Hostname}}{{randstr}}.tld
+#        Origin: {{Hostname}}_.{{randstr}}.tld
+#        Origin: {{Hostname}}%60.{{randstr}}.tld
+#        Origin: http://{{Hostname}}
+#        Origin: http://{{randstr}}.{{Hostname}}
 
     matchers-condition: or
     matchers:
       - type: dsl
         name: arbitrary-origin
         dsl:
-          - "contains(tolower(all_headers), 'access-control-allow-origin: {{randstr}}.com')"
+          - "contains(tolower(all_headers), 'access-control-allow-origin: {{randstr}}.tld')"
           - "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
         condition: and