Exploiting Access-Control-Allow-Origin: * [help]

    I've been reading about the Access-Control-Allow-Origin header. As far as I understand, enabling this header with a value of * will enable any third party site to make requests to it on behalf of its users.

    This made me think that I could exploit such a site by making a request to an "/account/settings"-like endpoint on behalf of a victim in order to read stuff like email, phone number and address associated with the victim's account.

    Like: <script>(async () => { const html = await (await fetch(site)).text(); })();</script>

    However, when I try to do this in practice using myself as the victim and being logged in on my target site, I get a /login redirect response from the server. The request is not that of an authenticated user.

    Can someone clarify what the risk of enabling Access-Control on sensitive pages is, if it's not this?
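An added illustration, not part of the original post, of why the wildcard behaves the way the poster observed: a JavaScript classifier that applies the browser's CORS rules to a server's response headers and separates the wildcard case (only what an anonymous client could fetch is readable) from the configuration that does expose account data (the caller's Origin echoed back together with Access-Control-Allow-Credentials: true). The header names are real; the sample responses and the origin https://third-party.example are constructed.

```javascript
// Added example, not code from the original post: classifies a server's CORS
// response headers from the defender's side, using the rules browsers enforce:
// a cross-origin fetch carries cookies only with credentials: "include", and the
// browser exposes such a credentialed response only when
// Access-Control-Allow-Credentials is "true" AND Access-Control-Allow-Origin
// names the exact requesting origin (never "*"). requestOrigin is the Origin
// header the calling page sent.
function classifyCors(headers, requestOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const acao = h["access-control-allow-origin"];
  const acac = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (acao === undefined) {
    // No CORS header at all: the response stays opaque to every cross-origin page.
    return { anonymousReadable: false, credentialedReadable: false, risk: "none" };
  }
  const originMatches = acao === requestOrigin;
  // Cookie-less reads succeed with "*" or an exact origin match.
  const anonymousReadable = acao === "*" || originMatches;
  // Cookie-authenticated reads need an exact origin AND ACAC: true; "*" with
  // ACAC: true is rejected by the browser, so it is still anonymous-only.
  const credentialedReadable = acac && originMatches;
  let risk = "none";
  if (credentialedReadable) risk = "account-data-exposed";
  else if (anonymousReadable) risk = "public-data-only";
  return { anonymousReadable, credentialedReadable, risk };
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  // The case in the post: wildcard origin, the victim's session is neither
  // attached nor exposed, so only content an anonymous client gets is readable.
  wildcard: { "Access-Control-Allow-Origin": "*" },
  // Wildcard plus ACAC (a common misconfiguration): still anonymous-only.
  wildcardWithCredentials: { "Access-Control-Allow-Origin": "*",
                             "Access-Control-Allow-Credentials": "true" },
  // The pattern that does expose account data: the server echoes the
  // caller's Origin and also sets ACAC: true.
  reflected: { "Access-Control-Allow-Origin": "https://third-party.example",
               "Access-Control-Allow-Credentials": "true" },
};

// Classify each sample as seen from a page served at https://third-party.example.
function assessSamples() {
  const out = {};
  for (const [name, hdrs] of Object.entries(SAMPLE_RESPONSES))
    out[name] = classifyCors(hdrs, "https://third-party.example").risk;
  return out;
}
```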