s0md3v/Corsy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added underscore bypass

Browse Source
This commit is contained in:
Somdev Sangwan
2021-01-28 16:21:42 +05:30
committed by GitHub
parent 84498ed3d5
commit 55a779649a
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
db/details.json
View File

@@ -48,6 +48,12 @@
"severity" : "low", "severity" : "low",
"exploitation" : "Sniff requests made over the unencrypted channel." "exploitation" : "Sniff requests made over the unencrypted channel."
}, },
"unrecognized underscore" : {
"class" : "unrecognized underscore",
"description" : "The origin verification is flawed and can be bypassed using a underscore (_).",
"severity" : "high",
"exploitation" : "Set the 'Origin' header to target.com_.example.com"
},
"broken parser" : { "broken parser" : {
"class" : "broken parser", "class" : "broken parser",
"description" : "The origin verification is flawed and can be bypassed using a backtick (`).", "description" : "The origin verification is flawed and can be bypassed using a backtick (`).",