CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough
文章分析了CORS配置错误与HTTP子域名XSS漏洞结合导致API密钥泄露的过程,展示了利用漏洞窃取管理员API密钥的攻击方法及修复建议。 2025-10-9 08:58:35 Author: infosecwriteups.com(查看原文) 阅读量:48 收藏

CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.

Aditya Bhatt

Lab: CORS vulnerability with trusted insecure protocols
Lab link: https://portswigger.net/web-security/cors/lab-breaking-https-attack
Author: Aditya Bhatt — Cybersecurity / VAPT Practitioner
Free Article Link

TL;DR

I combined a permissive CORS configuration (which reflects arbitrary subdomain origins, including HTTP) with a reflected XSS vector in the product lookup to exfiltrate an administrator API key. The exploit uses the stock HTTP subdomain to run attacker-controlled script, performs a credentialed XHR to /accountDetails, and forwards the JSON to an exploit server. Lab solved. 🥳🔑

Press enter or click to view image in full size

Overview

CORS is a powerful browser mechanism that, when misconfigured, can be disastrous. In this lab I found a server that:

  • Reflected arbitrary subdomain Origins in Access-Control-Allow-Origin (including http:// subdomain Origins), and
  • Returned Access-Control-Allow-Credentials: true, and

文章来源: https://infosecwriteups.com/cors-vulnerability-with-trusted-insecure-protocols-burpsuite-walkthrough-5004688e6018?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh