
Scenario:
You are a penetration tester tasked with assessing the security of craw.in, a new social media platform. During your reconnaissance, you notice peculiar behavior when making requests to the API from your own testing domain. You suspect there might be misconfigurations related to Cross-Origin Resource Sharing (CORS).
Question 1:
You observe that the Origin header in your request is reflected in the Access-Control-Allow-Origin response header. This is usually a sign of what type of CORS misconfiguration?
Question 2:
You attempt to use credentials: 'include' in your JavaScript fetch request. If successful, this sends what type of information to the craw.in API?
Question 3:
The Access-Control-Allow-Methods header lists multiple HTTP verbs. What is the most common HTTP verb used to send data to a server?
Question 4:
Craw.in allows subdomains like blog.craw.in and shop.craw.in. If the Access-Control-Allow-Origin is set to *.craw.in, what type of wildcard policy is this?
Question 5:
If the Access-Control-Allow-Credentials header is present, what value must it be set to for requests with credentials to succeed?
Question 6:
You find an API endpoint /api/profile that requires authentication. If the Access-Control-Allow-Origin is incorrectly configured, what sensitive data could be exposed via a CORS vulnerability?
Question 7:
You notice a specific header returned from the server related to CORS. Which header is this?
Question 8:
You crafted a POST request to /api/post from your own domain. What is a potential attack from your domain?
Question 9:
A website has configured CORS with Access-Control-Allow-Methods: POST,GET. How many methods are allowed?
Question 10:
If a CORS preflight request (OPTIONS) is missing the Access-Control-Allow-Headers header, what is the likely outcome of the subsequent actual request?
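An added audit helper, not part of this quiz, that classifies one response's CORS headers against the Origin a tester sent and names the misconfigurations the questions above cover (reflected origin, credentials, wildcard values, a preflight without Access-Control-Allow-Headers). The origin https://tester.example and all header values are constructed samples.

```python
# Added example, not part of the quiz: audit one API response's CORS headers
# against the Origin a tester sent. All header values are constructed samples.

SEVERITY = {
    "reflected-origin-with-credentials": "high",   # cookies sent and response readable cross-origin
    "reflected-origin": "medium",                  # readable cross-origin, but unauthenticated
    "wildcard-with-credentials": "low",            # browsers refuse this combination; policy is still broken
    "wildcard-origin": "info",
    "invalid-subdomain-wildcard": "medium",        # "*.craw.in" is not valid ACAO syntax for browsers
    "preflight-missing-allow-headers": "info",     # requests with custom headers will be blocked
}

def audit_cors(test_origin, headers, preflight=False):
    """Return finding codes for a response to a request that carried test_origin.

    test_origin -- the Origin header sent (a domain the tester controls)
    headers     -- response headers, looked up case-insensitively
    preflight   -- True when the response answered an OPTIONS preflight
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    # The spec requires the literal value "true"; anything else disables credentials.
    creds = h.get("access-control-allow-credentials") == "true"
    findings = []
    if acao is None:
        return findings                      # no cross-origin read is possible
    if acao == "*":
        findings.append("wildcard-origin")
        if creds:
            findings.append("wildcard-with-credentials")
    elif acao == test_origin:                # Origin echoed back verbatim
        findings.append("reflected-origin-with-credentials" if creds else "reflected-origin")
    elif acao.startswith("*."):
        findings.append("invalid-subdomain-wildcard")
    if preflight and "access-control-allow-headers" not in h:
        findings.append("preflight-missing-allow-headers")
    return findings

def worst_severity(findings):
    """Highest severity among the finding codes, or "none"."""
    order = ["info", "low", "medium", "high"]
    return max((SEVERITY[f] for f in findings), key=order.index, default="none")

if __name__ == "__main__":
    # Constructed sample: /api/profile echoing the tester's origin with credentials.
    resp = {"Access-Control-Allow-Origin": "https://tester.example",
            "Access-Control-Allow-Credentials": "true",
            "Access-Control-Allow-Methods": "POST,GET"}
    found = audit_cors("https://tester.example", resp)
    print(found, worst_severity(found))
```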