add unescaped regex test

Somdev Sangwan
2019-11-25 10:20:45 +05:30
committed by GitHub
parent a26fa3af15
commit 205b214dda


@@ -44,5 +44,10 @@
"Description" : "The origin verification is flawed and can be bypassed using a backtick (`).", "Description" : "The origin verification is flawed and can be bypassed using a backtick (`).",
"Severity" : "High", "Severity" : "High",
"Exploitation" : "Set the 'Origin' header to %60.example.com" "Exploitation" : "Set the 'Origin' header to %60.example.com"
},
"unescaped regex" : {
"Description" : "The regex used for origin verification contains an unescaped dot (.) character.",
"Severity" : "High",
"Exploitation" : "If the target is sub.example.com, make requests from subxexample.com"
} }
} }
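Review bot: The new "unescaped regex" Description names the flaw but not its effect: an unescaped `.` in a regex matches any single character, which is why the look-alike origin in the Exploitation line is accepted. Saying so would let a reader of the finding judge the "High" severity, e.g. `"Description" : "The regex used for origin verification contains an unescaped dot (.), which matches any character, so look-alike domains are accepted."`. Like the entry above it, this one carries no remediation text; if the code that reads this file prints findings to the user (not visible here), a short fix hint such as escaping the dot and anchoring the pattern would be worth adding for all entries.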