id: basic-cors-misconfig

info:
  name: Basic CORS misconfiguration
  author: nadino
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      Origin: "https://evil.com"
    matchers:
      - type: word
        words:
          - "Access-Control-Allow-Origin: https://evil.com"
        part: header