cors

31 articles
sort: new top best
clear filter
google359 bug-bounty345 xss336 facebook280 microsoft270 apple183 exploit175 rce138 csrf84 writeup80 browser73 malware73 account-takeover63 cve62 aws55 react51 sqli48 node46 docker45 smart-contract45 ssrf44 dos43 ethereum43 defi42 web341 access-control40 supply-chain38 oauth38 wordpress37 cloudflare36 phishing35 cloud35 idor34 smart-contract-vulnerability32 pentest32 cors31 auth-bypass31 privilege-escalation30 subdomain-takeover29 solidity27 bragging-post27 clickjacking27 info-disclosure25 race-condition25 lfi24 buffer-overflow23 reverse-engineering21 vulnerability-disclosure18 kubernetes18 ctf17
0 6/10
Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure
bug-bounty

A security researcher discovered an IDOR vulnerability in an e-commerce platform where unauthorized access to user account data (name, address, credit card details) could be achieved by exploiting misconfigured CORS that exposed random checkout hashes to third-party integrations, allowing attackers to enumerate and access arbitrary user wallets via predictable endpoints.

cors idor pii-disclosure authorization-bypass information-disclosure e-commerce business-logic hash-enumeration third-party-integration
Harsh Parekh notmarshmllow
notmarshmllow.medium.com · kh4sh3i/bug-bounty-writeups · 15 hours ago · details
0
Chrome CORS
security
cors
blog.bi.tk · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Exploiting insecure CORS API api.artsy.net
authentication
apple bug-bounty cors exploit facebook google jwt pentest subdomain-takeover writeup
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Explpoiting CORS misconfiguration
vulnerability
auth-bypass bug-bounty cloud cors csrf exploit facebook subdomain-takeover xss
bugbaba.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
An unexploited CORS misconfiguration reflecting further issues
bug-bounty
browser bug-bounty cloud cors exploit writeup
smaranchand.com.np · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Exploiting misconfigured CORS on popular BTC site
security
cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
CORS bug on google's 404 page (rewarded)
security
cors google
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
CORS misconfiguration account takeover out of scope to grab items in scope
authentication
account-takeover cloud cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
A simple CORS misconfiguration leaked private post of twitter facebook instagram
security
cloud cors facebook
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Bypassing CORS
security
cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Full account takeover through CORS with connection sockets
authentication
account-takeover cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Think outside the scope advanced cors exploitation techniques
security
cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
CORS misconfiguration leading to private information disclosure
security
cloud cors info-disclosure
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Pre domain wildcard CORS exploitation
bug-bounty
bug-bounty cors
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Bugcrowd domain subdomain takeover vulnerability
authentication
apple bug-bounty cloudflare cors exploit facebook google jwt pentest subdomain-takeover wordpress writeup
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Escalating subdomain takeover to steal sensitive stuff
vulnerability
account-takeover bug-bounty cors oauth open-redirect postmessage ssrf subdomain-takeover
blog.takemyhand.xyz · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
XSS because of wrong content type header
vulnerability
auth-bypass bug-bounty cloud cors csrf facebook writeup xss
bugbaba.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
CORS to CSRF attack
vulnerability
cors csrf
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
How I found 5 stored XSS on a private program
vulnerability
bug-bounty cors exploit facebook writeup xss
cybristerboy.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
XSS with put in ghost blog
vulnerability
cors exploit xss
itsecguy.com · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
Abusing CORS for an XSS on flickr
vulnerability
browser bug-bounty cors facebook microsoft writeup xss
whitton.io · devanshbatham/Awesome-Bugbounty-Writeups · 15 hours ago · details
0
CORS End-to-End: How Browsers Enforce It, How Attackers Break It, How Devs Fix It
bug-bounty
bug-bounty cors
vikash-vishnoi.medium.com · Vikash Vishnoi · 20 hours ago · details
0
CORS End-to-End: How Browsers Enforce It, How Attackers Break It, How Devs Fix It
bug-bounty
bug-bounty cors
vikash-vishnoi.medium.com · Vikash Vishnoi · 20 hours ago · details
0
From CORS Misconfiguration to Sensitive Data Exposure
bug-bounty
bug-bounty cloud cors info-disclosure
medium.com · montaser mohsen · 20 hours ago · details
0
From CORS Misconfiguration to Sensitive Data Exposure
bug-bounty
bug-bounty cloud cors info-disclosure
medium.com · montaser mohsen · 20 hours ago · details
0
MCP server that audits AI agent reasoning before decisions commit
authentication
cors jwt
espiradev.org · aespira · 1 day ago · details · hn
0
Show HN: s@: decentralized social networking over static sites
security
cors
satproto.org · remywang · 1 day ago · details · hn
0
The human.json Protocol
security
browser cors
codeberg.org · todsacerdoti · 4 days ago · details · hn
more →