-
Notifications
You must be signed in to change notification settings - Fork 34
/
CORSMisconfigurationInvalidOrigin.yaml
62 lines (59 loc) · 1.98 KB
/
CORSMisconfigurationInvalidOrigin.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
id: CORS_MISCONFIGURATION_INVALID_ORIGIN
info:
name: "Invalid Origin CORS Misconfiguration Detection"
description: >
"Detects misconfigured Cross-Origin Resource Sharing (CORS) settings by checking for invalid origin values, preventing unauthorized access."
details: >
"This test detects misconfigurations in Cross-Origin Resource Sharing (CORS) settings by checking for invalid origin values."
"It verifies that only allowed domains are listed as origins, preventing unauthorized access to sensitive resources. This test helps ensure proper security and protects against potential CORS-related vulnerabilities and data breaches."
impact: >
"A misconfigured CORS can have significant impact on web application security."
"If invalid origin values are not properly handled, it may allow unauthorized access to sensitive resources, leading to"
"data breaches, cross-site scripting (XSS) attacks, or unauthorized data manipulation, compromising the integrity and confidentiality of the system."
category:
name: CORS
shortName: CORS Misconfiguration
displayName: Cross-Origin Resource Sharing (CORS)
subCategory: CORS_MISCONFIGURATION_INVALID_ORIGIN
severity: HIGH
tags:
- Business logic
- OWASP top 10
- HackerOne top 10
references:
- "https://crashtest-security.com/cors-misconfiguration/"
cwe:
- CWE-942
cve:
- CVE-2021-27786
- CVE-2021-26991
auth:
authenticated: true
api_selection_filters:
response_code:
gte: 200
lt: 300
method:
neq: "OPTIONS"
execute:
type: single
requests:
- req:
- add_header:
origin: "`evil.com"
validate:
response_code:
gte: 200
lt: 300
response_headers:
and:
- for_one:
key:
contains_either: access-control-allow-origin
value:
contains_either: "`evil.com"
- for_one:
key:
contains_either: access-control-allow-credentials
value:
contains_either: "true"