Cross Origin Resource Sharing (CORS)

https://portswigger.net/web-security/cors

# CORS is a browser mechanism that lets a server allow access to its resources from other domains
# If badly configured, it can allow cross-domain attacks like CSRF
# Corsy is an automated tool that discovers potential CORS misconfigurations and issues
https://github.com/s0md3v/Corsy

# Usage
$ python3 corsy.py -u https://haax.fr

    CORSY  {v0.2-beta}

[+] Misconfiguration found!
[!] Title: Wildcard value
[!] Description: This host allows requests made from any origin. However, browsers will block all requests to this host by default.
[!] Severity: Low
[!] Exploitation: Not possible
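
# Added example (not Corsy's code and not from the original page): a small header check showing why the wildcard finding above is rated Low while other CORS responses are not.
# The function name, the probe origin, the sample headers and the severity labels other than "Wildcard value / Low" are assumptions made for illustration.

```python
# Constructed probe origin: a site the audited host has no reason to trust.
PROBE_ORIGIN = "https://untrusted.example"

def classify_cors(probe_origin, headers):
    """Classify the CORS policy seen in one response.

    probe_origin: the Origin header value sent with the request.
    headers: response headers as a dict (names are case-insensitive).
    Returns (title, severity); severities are this example's own scale.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials") == "true"

    if acao is None:
        return ("No CORS headers", "None")
    if acao == "*":
        # Browsers will not expose a credentialed response when the allowed
        # origin is the wildcard, so only unauthenticated data is readable.
        return ("Wildcard value", "Low")
    if acao == "null":
        # Sandboxed documents send "Origin: null", so this is not a safe value.
        return ("Null origin allowed", "High" if creds else "Medium")
    if acao == probe_origin:
        # The server echoed an arbitrary origin back as allowed.
        return ("Origin reflected", "High" if creds else "Medium")
    return ("Fixed allowed origin", "None")

# Constructed sample responses, keyed by a short label.
SAMPLES = {
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "reflected+creds": {
        "access-control-allow-origin": PROBE_ORIGIN,
        "access-control-allow-credentials": "true",
    },
    "null": {"Access-Control-Allow-Origin": "null"},
    "pinned": {"Access-Control-Allow-Origin": "https://app.example"},
    "none": {"Content-Type": "text/html"},
}

def audit(samples, probe_origin=PROBE_ORIGIN):
    """Run classify_cors over every sample and return {label: (title, severity)}."""
    return {name: classify_cors(probe_origin, hdrs) for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, (title, severity) in audit(SAMPLES).items():
        print(f"{name:16} {title:22} {severity}")
```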