Bypassing CORS
Saad Ahmed
~2 min read
August 1, 2019 (Updated: December 11, 2021)
Hello friends, this write-up is about how I bypassed CORS validation. Let's assume the website is named redact.com. I logged into the website and checked for a CSRF attack, but the form had a Current Password parameter, which means that even if I could bypass the CSRF protection, I would still need the victim's current password to exploit it.
Then I saw these response headers:
Access-Control-Allow-Origin: https://redact.com
Access-Control-Allow-Credentials: true
I tried setting attacker.com in the Origin header, but it didn't work. I also tried adding a second Origin header, and that failed too. Basically, the server was checking the Origin header value like this:
So we can simply trick the server into passing that validation by setting the Origin header value to redact.com.attacker.com.
I simply tried this on redact.com and it worked.
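As an added example (my own code, not from the post), here is the kind of contains-the-domain Origin check the write-up describes, beside an exact allowlist comparison, both run over constructed sample origins that include the bypass value above; the host names, the allowlist and the header-builder shape are assumptions:

```javascript
// Added example, not from the original post. Host names are constructed.
const ALLOWED_ORIGINS = new Set(["https://redact.com", "https://www.redact.com"]);

// Weak check: accepts any Origin that merely contains the trusted domain.
// "https://redact.com.attacker.com" passes because it contains "redact.com".
function weakOriginCheck(origin) {
  return typeof origin === "string" && origin.includes("redact.com");
}

// Hardened check: parse the Origin and compare scheme + host + port exactly
// against an explicit allowlist. Unparseable or unlisted origins are rejected.
function strictOriginCheck(origin) {
  if (typeof origin !== "string") return false;
  let url;
  try {
    url = new URL(origin); // throws for values such as "redact.com" (no scheme)
  } catch {
    return false;
  }
  // URL.origin normalises to "scheme://host[:port]"; requiring equality with the
  // raw header also rejects padded forms like "https://redact.com/x".
  return url.origin === origin && ALLOWED_ORIGINS.has(url.origin);
}

// Build CORS response headers. Credentials are only reflected for an origin
// that passes the supplied check; Vary: Origin keeps caches from mixing answers.
function corsHeaders(origin, check) {
  if (!check(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Constructed sample origins, including the bypass value from the write-up.
const SAMPLES = [
  "https://redact.com",
  "https://redact.com.attacker.com",
  "https://attacker.com",
  "redact.com",
];

// Side-by-side verdicts of both checks for each sample origin.
function compareChecks(origins = SAMPLES) {
  return origins.map((o) => ({ origin: o, weak: weakOriginCheck(o), strict: strictOriginCheck(o) }));
}

console.table(compareChecks());
```

Only the weak column accepts redact.com.attacker.com; the strict column accepts nothing but the two allowlisted origins.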
Loading the Account-Detail page from the evil origin to steal the information.
Send that fetch request to steal the account information page and display it on evil.com.
Boom, data stolen. I hope you guys like it.
./LOGOUT
#javascript