Bypassing CORS

Saad Ahmed
2 min read · Aug 1, 2019


Hello friends, this write-up is about how I bypassed the CORS validation. Let's assume the website name is redact.com. I simply logged into the website and checked for a CSRF attack, but there was a Current Password param, which means that even if I am able to bypass the CSRF protection, I still need the victim's current password to exploit it.

Then I saw:

Access-Control-Allow-Origin: https://redact.com

Access-Control-Allow-Credentials: true

I tried to set attacker.com in the Origin header, but it didn't work out. I tried adding another Origin header; it also failed. Basically, the server was checking the Origin header value like this:

So we can simply trick the server into bypassing that validation by setting the Origin header value to redact.com.attacker.com.
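As an added example (not code from the original post or from the site in question), here is the kind of prefix-based Origin check that accepts redact.com.attacker.com, next to an exact-match allowlist that rejects it; the allowlist contents and helper names are assumptions.

```javascript
// Added example: a prefix-matching Origin check (the flaw described above)
// beside an exact-match allowlist. Names and the allowlist are assumptions.
const TRUSTED_ORIGIN = "https://redact.com";

// Vulnerable: only checks that the Origin *starts with* the trusted origin,
// so "https://redact.com.attacker.com" (and "https://redact.comevil.com") pass.
function isAllowedOriginVulnerable(origin) {
  return typeof origin === "string" && origin.startsWith(TRUSTED_ORIGIN);
}

// Hardened: parse the Origin and compare its normalised scheme+host+port
// against an explicit allowlist. Anything unparsable (e.g. "null") is rejected.
const ALLOWED_ORIGINS = new Set([TRUSTED_ORIGIN]);
function isAllowedOriginSafe(origin) {
  if (typeof origin !== "string") return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (e) {
    return false;
  }
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// Build the CORS response headers for a request. Credentials are only
// reflected when the check passes; otherwise no CORS headers are emitted.
// "Vary: Origin" keeps caches from serving one origin's answer to another.
function corsHeaders(origin, check) {
  if (!check(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}
```

Swapping `isAllowedOriginVulnerable` for `isAllowedOriginSafe` in `corsHeaders` is the whole fix; a quick regression check is to assert that `redact.com.attacker.com` no longer receives an Access-Control-Allow-Origin header.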

I simply tried this on redact.com & it worked.

Loading the Account-Detail page from the evil origin to steal the information

Send that fetch request to steal the account information page & display it on evil.com

Boom, data stolen. I hope you guys like it.

./LOGOUT
