From 55a779649af90322c293f6767576f7ae50db51ee Mon Sep 17 00:00:00 2001
From: Somdev Sangwan <s0md3v@gmail.com>
Date: Thu, 28 Jan 2021 16:21:42 +0530
Subject: [PATCH] added underscore bypass

---
 db/details.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/db/details.json b/db/details.json
index e71e179..2b77dd4 100644
--- a/db/details.json
+++ b/db/details.json
@@ -48,6 +48,12 @@
 		"severity" : "low",
 		"exploitation" : "Sniff requests made over the unencrypted channel."
 	},
+	"unrecognized underscore" : {
+		"class" : "unrecognized underscore",
+		"description" : "The origin verification is flawed and can be bypassed using a underscore (_).",
+		"severity" : "high",
+		"exploitation" : "Set the 'Origin' header to target.com_.example.com"
+	},
 	"broken parser" : {
 		"class" : "broken parser",
 		"description" : "The origin verification is flawed and can be bypassed using a backtick (`).",