s0md3v/Corsy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
56a8c48c6be8da7fd80e431c05a0a2a2c3461719
Corsy/db/details.json
Somdev Sangwan 56a8c48c6b Update details.json
2019-11-28 11:10:41 +05:30

54 lines
2.2 KiB
JSON
Raw Blame History

{
"wildcard value" : {
"Description" : "This host allows requests made from any origin. However, browsers will block all requests to this host by default.",
"Severity" : "Low",
"Exploitation" : "Not possible"
},
"third party allowed" : {
"Description" : "This host has whitelisted a third party host for cross origin requests.",
"Severity" : "Medium",
"Exploitation" : "If the whitelisted host is a code hosting platform such as codepen.io or has an XSS vulnerability, it can be used to exploit this misconfiguration."
},
"origin reflected" : {
"Description" : "This host allows any origin to make requests to it.",
"Severity" : "High",
"Exploitation" : "Make requests from any domain you control."
},
"invalid value" : {
"Description" : "Header's value is invalid, this CORS implementation doesn't work at all.",
"Severity" : "Low",
"Exploitation" : "Not possible"
},
"post-domain wildcard" : {
"Description" : "The origin verification is flawed, it allows requests from a host that has this host as a prefix.",
"Severity" : "High",
"Exploitation" : "Make requests from target.com.attacker.com"
},
"pre-domain wildcard" : {
"Description" : "The origin verification is flawed, it allows requests from a host that has this host as a suffix.",
"Severity" : "High",
"Exploitation" : "Make requests from attacker-target.com"
},
"null origin allowed" : {
"Description" : "This host allows requests from 'null' origin.",
"Severity" : "High",
"Exploitation" : "Make requests from a sandboxed iframe."
},
"http origin allowed" : {
"Description" : "This host allows sharing resources over an unencrypted (HTTP) connection.",
"Severity" : "Low",
"Exploitation" : "Sniff requests made over the unencrypted channel."
},
"broken parser" : {
"Description" : "The origin verification is flawed and can be bypassed using a backtick (`).",
"Severity" : "High",
"Exploitation" : "Set the 'Origin' header to %60.example.com"
},
"unescaped regex" : {
"Description" : "The regex used for origin verification contains an unescaped dot (.) character.",
"Severity" : "High",
"Exploitation" : "If the target is sub.example.com, make requests from subxexample.com"
}
}
Reference in New Issue View Git Blame Copy Permalink