Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V14 - Config

CORS (Cross-Origin Resource Sharing)

POC

  • Add the following HTTP request header: Origin: https://www.evil.com
  • The Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: https://www.evil.com response headers indicate that the server reflects the supplied origin and will answer authenticated cross-origin requests from any origin, whether or not it is trusted.
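The reflecting configuration described above, placed beside an allowlisted one, as an added example that is not part of the Cobalt wiki entry; the `TRUSTED_ORIGINS` set and the function names are assumptions made for illustration:

```python
# Added example (not from the Cobalt wiki): a CORS handler that reflects
# any Origin next to one that only honours an exact allowlist match, plus
# the check from the POC above expressed as a function.
from typing import Dict, Optional

# Constructed allowlist; a real deployment would load this from config.
TRUSTED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_reflecting(origin: Optional[str]) -> Dict[str, str]:
    """Weak pattern: echoes whatever Origin the client sent and also allows
    credentials, so any site can read authenticated responses cross-origin."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_allowlisted(origin: Optional[str]) -> Dict[str, str]:
    """Hardened pattern: only an exact allowlist entry is echoed back
    (exact match, not endswith/startswith, which attacker-registered
    domains can satisfy), and Vary: Origin stops shared caches from
    serving one origin's answer to another."""
    if origin is None or origin not in TRUSTED_ORIGINS:
        # No Access-Control-Allow-Origin at all: the browser blocks the read.
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def allows_credentialed_read(headers: Dict[str, str], origin: str) -> bool:
    """The POC condition: the response lets `origin` read an authenticated
    response when ACAO equals that origin and credentials are allowed.
    (Browsers reject ACAO "*" in credentialed requests, so "*" is not
    enough on its own.)"""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    return creds and acao == origin


if __name__ == "__main__":
    probe = "https://www.evil.com"
    print("reflecting  :", allows_credentialed_read(cors_headers_reflecting(probe), probe))
    print("allowlisted :", allows_credentialed_read(cors_headers_allowlisted(probe), probe))
```

Running the module shows the reflecting handler passing the POC check for https://www.evil.com while the allowlisted handler does not.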

Impact

Low

Likelihood

Low