CORS Misconfiguration

By kannthu

Severity: Informative
Vidoc Module
Tags: #cors #generic #misconfig
Description

What is the "CORS Misconfiguration" module?

The "CORS Misconfiguration" module is designed to detect misconfigurations related to Cross-Origin Resource Sharing (CORS) in web applications. CORS is a security mechanism that allows web browsers to make cross-origin requests, but misconfigurations can lead to potential vulnerabilities.

This module targets web applications that have misconfigured CORS settings, which can result in unauthorized access to sensitive data or the ability to perform actions on behalf of the user.

The severity of this module is classified as informative, indicating that it provides valuable information about potential security risks but does not directly exploit vulnerabilities.

Original authors of this module include nadino, g4l1t0, convisoappsec, pdteam, breno_css, and nodauf.

Impact

A misconfigured CORS policy can have various impacts on web applications:

- Unauthorized access to sensitive data: Attackers may be able to bypass the same-origin policy and retrieve sensitive information from other domains.
- Session hijacking: Attackers can exploit misconfigured CORS to perform actions on behalf of authenticated users, potentially leading to session hijacking.
- CSRF attacks: Misconfigured CORS can enable Cross-Site Request Forgery (CSRF) attacks, allowing attackers to trick users into performing unintended actions.

How does the "CORS Misconfiguration" module work?

The "CORS Misconfiguration" module works by sending HTTP requests with specific headers and payloads to the target web application. It then evaluates the responses based on matching conditions to determine if a misconfiguration is present.

One example of an HTTP request template used by this module is:

GET / HTTP/1.1
Host: {%Hostname%}
Origin: {%cors_origin%}

The module checks if the response headers contain the following conditions:

- access-control-allow-origin: {{cors_origin}}: Verifies if the response allows the specified CORS origin.
- access-control-allow-credentials: true: Checks if the response allows credentials to be sent in cross-origin requests.

If both conditions are met, the module identifies a potential misconfiguration.

It is important to note that this module is designed to provide information about potential CORS misconfigurations and does not actively exploit any vulnerabilities.
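The two matching conditions above, written out as an added Python example (not Vidoc's module code), run against a server policy that reflects any Origin and against an exact-match allowlist. The probe origin https://probe.example, the allowlisted origin https://app.example, the function names and the sample responses are constructed assumptions.

```python
# Added example: origins, names and responses here are constructed for illustration.
PROBE_ORIGIN = "https://probe.example"  # stands in for the module's cors_origin value
ALLOWLIST = {"https://app.example"}     # hypothetical trusted front-end origin

def parse_headers(raw_response):
    """Return response headers as {lowercased name: stripped value}."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def is_misconfigured(raw_response, probe_origin=PROBE_ORIGIN):
    """True only when both conditions hold: origin echoed AND credentials allowed."""
    h = parse_headers(raw_response)
    # Values are lowercased before comparison, as the module lowercases all headers.
    reflected = h.get("access-control-allow-origin", "").lower() == probe_origin.lower()
    credentialed = h.get("access-control-allow-credentials", "").lower() == "true"
    return reflected and credentialed

def reflecting_policy(origin):
    """Weak setting: echoes whatever Origin the client sent, with credentials."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}

def allowlist_policy(origin):
    """Corrected setting: exact-match allowlist; unknown origins get no CORS headers."""
    if origin in ALLOWLIST:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}

def respond(policy, origin):
    """Build the constructed raw response a server with this policy would send."""
    lines = ["HTTP/1.1 200 OK", "Content-Type: text/html"]
    lines += [f"{k}: {v}" for k, v in policy(origin).items()]
    return "\r\n".join(lines) + "\r\n\r\n<html></html>"

if __name__ == "__main__":
    for policy in (reflecting_policy, allowlist_policy):
        print(policy.__name__, is_misconfigured(respond(policy, PROBE_ORIGIN)))
```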

Module preview

Concurrent Requests (1)
1. HTTP Request template
   - Raw request
   - Matching conditions: dsl: contains(toLower(all_headers), `access-c...

Passive global matcher: No matching conditions.
On match action: Report vulnerability