Advanced CORS exploitation techniques demonstrating two real-world cases: chaining XSS vulnerabilities with CORS misconfigurations to leak sensitive data, and bypassing CORS origin validation using special characters in domain names (particularly in Safari) to exploit wildcard subdomain whitelisting. The second technique leverages browser inconsistencies in domain validation to craft malicious origins like 'zzzz.ubnt.com=.evil.com' that pass CORS checks while resolving to attacker-controlled domains.
Researcher discovered a wildcard subdomain takeover vulnerability on uber.design by identifying that the domain's wildcard DNS pointed to Heroku's unclaimed infrastructure, allowing registration of arbitrary subdomains (*.uber.design) and potential email spoofing via Google Workspace verification.