Cross-Origin Resource Sharing (CORS) is a browser mechanism that relaxes the same-origin policy so a page can be granted controlled access to resources on another origin. The mechanism itself is sound; the risk comes from servers that grant that access too broadly, which lets an attacker-controlled page read responses meant only for the victim's browser.
In this Playground, we’ll cover both attack and defence for CORS, using hands-on labs to build a practical understanding of how these exploits work in the real world.
We’ll start by exploiting a wildcard (*) CORS policy in combination with a phishing attack, then move on to basic origin reflection, where the server echoes the request’s Origin header into Access-Control-Allow-Origin. Both of these labs have a defensive component as well. The final lab combines a CSRF attack with a CORS misconfiguration, after which you’ll learn how to secure against these attacks.
CORS vulnerability with wildcard (*) along with phishing attack
CORS vulnerability with basic origin reflection
CORS and CSRF Attack and Defence
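Before the labs, it helps to see the two misconfigurations named above side by side with a correct allowlist, and to see how the browser decides whether a cross-origin page may read a response. The Node.js snippet below is an added example written for this page, not the Playground’s lab code: the three handler functions return the CORS response headers a server would send for a given Origin, and browserCanRead() is a simplified version of the browser’s CORS check. The origins (https://app.example.com, https://attacker.example) and the scenario are constructed for illustration.

```javascript
// Added example for this page (not the Playground's lab code).
// Three ways a server can answer a cross-origin request, plus a simplified
// model of the browser-side check that decides whether the requesting page
// is allowed to read the response. All origins below are constructed.

// Misconfiguration 1: wildcard. Any origin is allowed, but browsers refuse to
// expose a response to a credentialed (cookie-bearing) request when
// Access-Control-Allow-Origin is "*". An attacker therefore reads only what an
// unauthenticated client could read; the phishing lab builds on this constraint.
function wildcardCors(origin) {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Misconfiguration 2: origin reflection. The server echoes whatever Origin it
// receives and also allows credentials, so any site the victim visits can make
// the victim's browser fetch authenticated data and hand it to the attacker.
function reflectingCors(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened: compare the full Origin (scheme + host + port) against an explicit
// allowlist, send no CORS headers on a miss, and add Vary: Origin so caches do
// not serve one origin's allowed response to another.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed
function allowlistCors(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Simplified browser CORS check (after the Fetch standard): may a script
// running at pageOrigin read a response carrying these headers, given whether
// the request was sent with credentials?
function browserCanRead(pageOrigin, headers, withCredentials) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;           // no CORS headers: blocked
  if (acao === '*') return !withCredentials;      // "*" is never valid with credentials
  if (acao !== pageOrigin) return false;          // exact origin match required
  if (withCredentials) {
    // With credentials the server must also opt in explicitly; the value is
    // case-sensitive and must be exactly "true".
    return headers['Access-Control-Allow-Credentials'] === 'true';
  }
  return true;
}

// Scenario: the victim is logged in to the API; the attacker's page calls
// fetch(apiUrl, { credentials: 'include' }) from https://attacker.example.
const ATTACKER = 'https://attacker.example'; // constructed
function attackerReadsAuthenticatedData(corsHandler) {
  const headers = corsHandler(ATTACKER);
  return browserCanRead(ATTACKER, headers, true);
}

// Stand-alone demo: which configurations leak the victim's data?
for (const [name, handler] of Object.entries({ wildcardCors, reflectingCors, allowlistCors })) {
  console.log(`${name}: attacker reads authenticated data = ${attackerReadsAuthenticatedData(handler)}`);
}
```

Run it with `node cors-policies.js`. Only the reflecting handler lets the attacker’s page read the authenticated response; the wildcard handler is blocked by the browser’s credentials rule, and the allowlist handler sends no CORS headers to an unknown origin at all.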