Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

Token Leakage via Referer

POC

Observe that the token is disclosed via the Referer header to any of the following:

- Trusted 3rd party
- Untrusted 3rd party
- Over HTTP
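One way to check a proxy or HAR-style request log for this disclosure, as an added example that is not part of the wiki entry: it flags requests whose Referer carries a token-like query parameter and sorts them into the three destinations listed above. The parameter names, host names and sample records are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: query parameter names treated as secrets; adjust per application.
TOKEN_PARAMS = {"token", "access_token", "reset_token", "session", "api_key"}

def leaked_params(referer):
    """Return token-like query parameter names found in a Referer value."""
    query = urlsplit(referer).query
    return sorted({k for k, v in parse_qsl(query) if k.lower() in TOKEN_PARAMS and v})

def classify(request, first_party, trusted):
    """Classify one logged request; None means no token left the application."""
    names = leaked_params(request.get("referer", ""))
    if not names:
        return None
    dest = urlsplit(request["url"])
    host = dest.hostname or ""
    if dest.scheme == "http":
        category = "over HTTP"            # cleartext, regardless of destination
    elif host in first_party:
        return None                       # stays inside the application over HTTPS
    elif host in trusted:
        category = "trusted 3rd party"
    else:
        category = "untrusted 3rd party"
    return {"dest": host, "category": category, "params": names}

def find_leaks(requests, first_party, trusted):
    """Return one finding per request that discloses a token via Referer."""
    results = (classify(r, first_party, trusted) for r in requests)
    return [r for r in results if r is not None]

# Constructed sample data (hypothetical hosts and token value).
FIRST_PARTY = {"app.example.test"}
TRUSTED = {"stats.partner.example"}
PAGE = "https://app.example.test/reset?token=CONSTRUCTED123"
SAMPLE = [
    {"url": "https://stats.partner.example/collect.js", "referer": PAGE},
    {"url": "https://widgets.unknown.example/pixel.gif", "referer": PAGE},
    {"url": "http://app.example.test/logo.png", "referer": PAGE},
    {"url": "https://app.example.test/static/app.css", "referer": PAGE},
    {"url": "https://widgets.unknown.example/pixel.gif",
     "referer": "https://app.example.test/home"},
]

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE, FIRST_PARTY, TRUSTED):
        print(finding["category"], finding["dest"], finding["params"])
```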

Impact

Low-Medium

Likelihood

Low