daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/generic/cors-misconfig.yaml

67 lines
1.8 KiB
YAML
Raw Blame History

id: cors-misconfig
info:
name: Basic CORS misconfiguration
author: nadino,G4L1T0,convisoappsec,pdteam
severity: info
reference: https://portswigger.net/web-security/cors
tags: cors,generic
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET / HTTP/1.1
Host: {{Hostname}}
Origin: {{randstr}}.com
- |
GET / HTTP/1.1
Host: {{Hostname}}
Origin: null
# - |
# GET / HTTP/1.1
# Host: {{Hostname}}
# Origin: {{randstr}}.{{Hostname}}
#
# - |
# GET / HTTP/1.1
# Host: {{Hostname}}
# Origin: {{Hostname}}{{randstr}}
# TO DO for future as currently {{Hostname}} is not supported in matchers
matchers-condition: or
matchers:
- type: dsl
name: arbitrary-origin
dsl:
- "contains(tolower(all_headers), 'access-control-allow-origin: {{randstr}}.com')"
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
condition: and
- type: dsl
name: null-origin
dsl:
- "contains(tolower(all_headers), 'access-control-allow-origin: null')"
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
condition: and
- type: dsl
name: wildcard-acac
dsl:
- "contains(tolower(all_headers), 'access-control-allow-origin: *')"
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
condition: and
- type: dsl
name: wildcard-no-acac
dsl:
- "contains(tolower(all_headers), 'access-control-allow-origin: *')"
- "!contains(tolower(all_headers), 'access-control-allow-credentials: true')"
condition: and
Reference in New Issue View Git Blame Copy Permalink