MISC & Others
Cross Origin Resource Sharing (CORS)
# CORS is a feature allowing access to resources hosted on different domains
# If badly configured, it can allow cross-domain attacks like CSRF
# Corsy is an automated tool to discover potential CORS misconfiguration and issues
$ python3 corsy.py -u https://haax.fr
[+] Misconfiguration found!
[!] Title: Wildcard value
[!] Description: This host allows requests made from any origin. However, browsers will block all requests to this host by default.
[!] Severity: Low
[!] Exploitation: Not possible