CROSS ORIGIN
RESOURCE
SHARING
SPANDAN BHATTARAI
WHY DID THE WEB DEVELOPER DECLINE THE INVITATION TO THE PARTY?
Because they were too strict about the Same-Origin Policy, and they didn't want any "unauthorized access" to their dance moves! They just couldn't risk any cross-origin requests disrupting their smooth moves on the dance floor!
WHAT IS CORS?
A mechanism that uses Origin HTTP headers to define origins that
HOW DOES IT WORK?
• SOP
• Origin
SOP AND ORIGIN
• Web pages can only access resources from the same origin
• An origin consists of the combination of protocol (e.g., HTTP or HTTPS), domain, and port
CORS
• A mechanism that relaxes the SOP restrictions to enable controlled access to resources from different origins
• Headers are used to specify the permissions granted to other origins
CORS HEADERS
• Access-Control-Allow-Origin
• Access-Control-Allow-Methods
• Access-Control-Allow-Credentials
• Access-Control-Expose-Headers
• Access-Control-Max-Age
• Access-Control-Allow-Headers
ACCESS-CONTROL-ALLOW-ORIGIN HEADER
The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.
ACCESS-CONTROL-ALLOW-CREDENTIALS HEADER
The Access-Control-Allow-Credentials response header allows cookies (or other user credentials) to be included in cross-origin requests.
CORS VULNERABILITIES
• The server does not properly validate the "Access-Control-Allow-Origin" header, allowing unauthorized origins to access sensitive resources.
• Example: "Access-Control-Allow-Origin: *"
Errors parsing Origin and credentials headers
Granting access to all domains that end in a specific string
• Example: [Link]
• Bypass: [Link]
Granting access to all domains that begin with a specific string
• Example:
• "Access-control-allow-origin: [Link]
• Access-control-allow-credentials: true"
• Bypass: [Link]
HOW TO EXPLOIT CORS FOR CSRF
CSRF, SOP, CORS
• The attacker creates a malicious website that triggers a request to the target.
• Trick the victim into visiting the malicious website while the victim is authenticated on the target website.
• The victim's browser, while on the malicious website, sends a request to the target website.
• The target website recognizes the request as coming from an authorized CORS origin (the attacker's domain) and allows it to proceed.
• The request executes a malicious action on the target, i.e. modifying account settings, making transactions, or altering user data.
PREVENTING CORS VULNERABILITIES
• Proper configuration of cross-origin requests
• Implement strict Access-Control-Allow-Methods
• Avoid wildcards in internal networks
• Avoid whitelisting null
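As an added example (not from the slides), the "ends with a specific string" misconfiguration next to an exact-match allowlist, run over a few constructed Origin values; the hostnames trusted.example and evil-trusted.example are assumptions for illustration:

```javascript
// Added example: weak vs. strict validation of the request Origin before
// it is echoed into Access-Control-Allow-Origin. Hostnames are constructed.

const ALLOWED_ORIGINS = new Set([
  "https://trusted.example",
  "https://app.trusted.example",
]);

// Weak check (the suffix-match pattern from the slides): any host whose name
// merely ends in "trusted.example" passes, including a separately registered
// "evil-trusted.example", and credentials are granted to it.
function weakCorsHeaders(origin) {
  if (typeof origin === "string" && origin.endsWith("trusted.example")) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened check: exact match of the full origin (scheme, host, port) against
// a fixed allowlist; "null" and unknown origins get no CORS headers at all,
// and Vary: Origin keeps caches from serving one origin's response to another.
function strictCorsHeaders(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return {}; // no headers -> the browser blocks the cross-origin read
  }
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST",
    "Vary": "Origin",
  };
}

// Constructed sample Origin header values, as a browser would send them.
const SAMPLE_ORIGINS = [
  "https://trusted.example",      // legitimate
  "https://evil-trusted.example", // suffix-match bypass
  "http://trusted.example",       // same host, downgraded scheme
  "null",                         // sandboxed iframe / local file
];

// For each sample origin, does each policy grant cross-origin access?
function compare() {
  return SAMPLE_ORIGINS.map((o) => ({
    origin: o,
    weakAllows: "Access-Control-Allow-Origin" in weakCorsHeaders(o),
    strictAllows: "Access-Control-Allow-Origin" in strictCorsHeaders(o),
  }));
}
```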
THANK YOU!
Any queries?