CORS-Misconfigurations

What is CORS ?

Security feature created to selectively relax the SOP restrictions and enable controlled access to resources from different domains.

Impact of CORS Misconfigurations :

Data Theft : attacker can steal API keys , SSH keys , user’s credentials.
Cross-Site-Scripting(XSS): attacker can perform XSS attacks and steal session tokens and perform unauthorized actions .
Remote code execution in some cases example how do RCE.

Prevent CORS Misconfigurations :

Implement proper CORS headers .
Restrict access to sensitive data .

CORS Checklist

[ ] Check common CORS header in response: Access-Control-Allow-Origin , Access-Control-Allow-Credentials.
[ ] Access-Control-Allow-Origin : indicates all domains are allowed, or a comma-separated list of domains , value * OR comma-separated list of domains.
[ ] Access-Control-Allow-Credentials : determines whether the domain allows for passing credentials — such as cookies or authorization headers in the cross-origin requests , value true{
allow passing credenitals in the requests } , false { Disallow passing in the requests }.
[ ] Test Reflected Origins : change origin header and check response :

HTTP Request :
Origin : < attacker.com >
if these reflected in Response :
Access-Control-Allow-Origin: <attacker.com> 
Access-Control-Allow-Credentials : true this vulnerable