Cross Origin Resource Sharing


Description

The application is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. The HTML5 CORS protocol uses the Origin request header, together with the Access-Control-Allow-Origin and related response headers, to decide whether the browser may expose a cross-origin response to the requesting page. The application implements CORS in a manner that allows third-party domains to make requests to it and read the responses, bypassing the Same-Origin Policy (SOP) security control that would otherwise isolate sites from one another. A malicious web site could use such an open CORS policy to read content from the application on behalf of any user who merely visits the malicious site while logged in.

Impact

Allowing CORS access from other domains means that a third-party domain can interact with the application from inside the user's browser and read the responses, bypassing Same-Origin Policy security controls. Unless only public information is available through the request, an attacker who convinces an authenticated user to browse to a malicious site can cause the user's browser to return sensitive application data to the attacker. An attacker may also be able to cause the user to perform state-changing actions on the attacker's behalf. The risk is increased if the application responds with the header Access-Control-Allow-Credentials: true, which instructs the browser to send the user's cookies or other credentials with the cross-origin request and to expose the authenticated response to the third-party page. Browsers refuse to combine credentials with a literal wildcard (Access-Control-Allow-Origin: *), so the dangerous pattern is an application that reflects the request's Origin value back in Access-Control-Allow-Origin (or matches it with an overly loose check) while also allowing credentials: this effectively grants the attacker's page the user's level of access.
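The Description and Impact sections above describe the decision the server makes from the Origin header and why reflecting it with credentials is dangerous. The following is an added illustration, not code from the application or from this database: it models, as plain functions, a vulnerable origin-reflecting handler, an equally common "ends with our domain" check, and a hardened exact-match allowlist, plus a simplified model of the browser's rule for exposing a credentialed cross-origin response. All origin and function names are hypothetical.

```javascript
// Added example (hypothetical names): CORS response-header decisions,
// vulnerable variants beside a hardened one, and the browser-side check
// that decides whether the calling page may read the response.

// Origins the application legitimately serves cross-origin (assumed).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Vulnerable: reflects any Origin and allows credentials, so a page on
// any site the victim visits can read authenticated responses.
function corsHeadersVulnerable(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Also vulnerable: a suffix check that is meant to admit *.example.com
// but also admits https://evil-example.com (and similar registrations).
function corsHeadersSuffixCheck(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (!origin || !origin.endsWith('example.com')) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened: exact-match allowlist, the literal "null" origin (sandboxed
// iframes, file:// pages, some redirects) is never trusted, and Vary:
// Origin keeps caches from serving one origin's answer to another.
function corsHeadersHardened(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (!origin || origin === 'null' || !ALLOWED_ORIGINS.has(origin)) {
    // No Access-Control-Allow-Origin at all: the browser blocks the read.
    return { 'Vary': 'Origin' };
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Simplified model of the browser's decision for a cross-origin read.
// withCredentials mirrors fetch(url, { credentials: 'include' }) on the
// attacker's page; with credentials, "*" is never accepted and the
// Allow-Credentials header must be exactly "true".
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  if (!acao) return false;
  if (withCredentials) {
    return acao === pageOrigin &&
      responseHeaders['Access-Control-Allow-Credentials'] === 'true';
  }
  return acao === '*' || acao === pageOrigin;
}
```

On a real server the request's Origin value is what the browser supplies automatically; the attacker's page does not need to forge it, it only needs its own origin to be accepted, which is why `corsHeadersVulnerable` and the suffix check both lose against `browserAllowsRead` while the exact-match allowlist does not.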

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Testing Gotchas

References
