nuclei-templates/vulnerabilities/generic/basic-cors.yaml


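# Nuclei template: flags a response that echoes a caller-supplied Origin in
# Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials.
# The nesting below is restored; the listing as extracted had every key at
# column 0, which does not parse as a template.
id: basic-cors-misconfig

info:
  name: Basic CORS misconfiguration
  author: nadino
  severity: low
  description: >-
    The response reflects an arbitrary Origin request header in
    Access-Control-Allow-Origin and sets Access-Control-Allow-Credentials
    to true, so a page on another origin can read credentialed responses
    from this endpoint.

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      # Fixed foreign origin; a match means the server echoed it back.
      Origin: https://evil.com
    matchers:
      # Both words must be present (condition: and) in the response headers.
      # NOTE(review): only the base URL is probed, and a hit shows the header
      # pair, not that sensitive data is served there. Confirm impact on
      # authenticated endpoints before raising severity.
      - type: word
        words:
          - "Access-Control-Allow-Origin: https://evil.com"
          - "Access-Control-Allow-Credentials: true"
        condition: and
        part: header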