Exploiting Access-Control-Allow-Origin: * [help]

jepwei
11 months ago

0

I’ve been reading about the Access-Control-Allow-Origin header. As far as I understand, enabling this header with a value of * will enable any third party site to make requests to it on behalf of its users.

This made me think that I could exploit such a site by making a request to an “/account/settings”-like endpoint on behalf of a victim in order to read stuff like email, phone number and address associated with the victim’s account.

Like:

However, when I try to do this in practice using myself as the victim and being logged in on my target site, I get a /login redirect response from the server. The request is not that of an authenticated user.

Can someone clarify what the risk of enabling Access-Control on sensitive pages is, if it’s not this?

0replies
1voice
24views
You must be logged in to reply to this discussion. Login
1 of 1

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss