access-control-allow-credentials

2 articles
Sort: New Top Best
clear filter
bug-bounty621 facebook431 xss316 google103 rce101 csrf60 microsoft59 web354 account-takeover53 writeup50 apple42 sqli41 cve35 ssrf34 exploit33 dos31 privilege-escalation28 defi28 cloudflare27 smart-contract-vulnerability25 idor24 subdomain-takeover24 ethereum23 clickjacking23 smart-contract23 vulnerability-disclosure21 access-control21 auth-bypass19 malware19 remote-code-execution18 lfi17 cors16 race-condition15 cloud15 reverse-engineering14 authentication-bypass14 solidity14 oauth12 browser12 info-disclosure12 aws12 sql-injection11 delegatecall11 denial-of-service11 phishing11 web-application-security10 vulnerability9 buffer-overflow9 web-security9 token-theft9
0
Exploiting insecure CORS API api.artsy.net
bug-bounty

A CORS misconfiguration on api.artsy.net allows attackers to exfiltrate authenticated user credentials and sensitive data (email, phone, authentication tokens, etc.) by hosting malicious JavaScript that exploits the overly permissive Access-Control-Allow-Credentials and Access-Control-Allow-Origin headers.

cors cross-origin-resource-sharing insecure-cors credential-exposure api-security xmlhttprequest authentication-bypass bug-bounty web-security data-exfiltration access-control-allow-credentials same-origin-policy-bypass
api.artsy.net MuhammadKhizerJaved GeekBoy HackerOne Bugcrowd Apple Google Facebook BlackHat MEA
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details
0
An unexploited CORS misconfiguration reflecting further issues
bug-bounty

A security researcher discovered a CORS misconfiguration on a mobile app API that accepted arbitrary origins and included Access-Control-Allow-Credentials, allowing credential-based requests from attacker-controlled domains. Despite identifying the vulnerability, exploitation was limited due to high attack complexity (API only accessible in mobile app), though a proof-of-concept demonstrated the ability to exfiltrate sensitive account information when credentials were available in the browser.

cors-misconfiguration cross-origin-resource-sharing bug-bounty mobile-app-security api-security access-control-allow-credentials network-interception frida burpsuite credential-theft proof-of-concept web-security
Smaran Chand Bugcrowd Frida Burpsuite Firefox XMLHttpRequest
smaranchand.com.np · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details