Privacy & Cookies

This website uses cookies. By continuing to use this site you are agreeing to our use of cookies.
Forum Index

Sections

View

Filter topics in this section

Stats

Threads7,309
Posts58,575
Authors6,686

Exploiting Access-Control-Allow-Origin: * [help]

Hacking & Security > Web Hacking & War Games > Exploiting Access-Control-Allow-Origin: * [help]


    • 515
    • 4

    0
    I've been reading about the Access-Control-Allow-Origin header. As far as I understand, enabling this header with a value of * will enable any third party site to make requests to it on behalf of its users.

    This made me think that I could exploit such a site by making a request to an "/account/settings"-like endpoint on behalf of a victim in order to read stuff like email, phone number and address associated with the victim's account.

    Like: <script>var html = (await (await fetch(site).text());</script>

    However, when I try to do this in practice using myself as the victim and being logged in on my target site, I get a /login redirect response from the server. The request is not that of an authenticated user.

    Can someone clarify what the risk of enabling Access-Control on sensitive pages is, if it's not this?
You must be logged in to reply to this topic