Posts

Showing posts from August, 2021

Bypass CORS Filter leads to CSRF Application Wide

Let's start reading. I will call my target [example.com]. I was testing my target and found that it uses one endpoint to do actions in this domain: if you want to show a page or update information, the application sends a request to the same endpoint but with different parameters in JSON format. As in the following screenshot, you can notice that there is no CSRF token or any custom header to prevent CSRF attacks, so I wrote exploit code to try the CSRF attack, and it didn't work. So what happened?

I found that the server checks the origin that sends the request. All checks are on it: it only accepts requests from trusted domains [http://*.example.com]. I tried a lot of bypasses to break this filter but I couldn't, so it was a wall that prevented me from making it a valid bug.

I took a few minutes to think about it and found something I could try, which is the null Origin. I tried it in the header and it worked: the check is disabled and the request works without an
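
The Origin check described above, as an added example that is not code from the original post or from the target application. It contrasts a check that skips validation when the header does not parse (an assumed cause of the behaviour described; the post does not show the server code) with one that fails closed. The function names and `TRUSTED_HOST` are hypothetical.

```javascript
// Constructed value matching the post's trusted pattern [http://*.example.com].
const TRUSTED_HOST = "example.com";

function hostIsTrusted(hostname) {
  // The leading dot stops look-alike hosts such as "evilexample.com".
  return hostname === TRUSTED_HOST || hostname.endsWith("." + TRUSTED_HOST);
}

// Assumed flawed logic: the allow-list only runs when the header parses as a
// URL. The literal string "null" does not parse, so the check is skipped.
function weakOriginCheck(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return true; // fails open: unparsable header is treated as "nothing to check"
  }
  return hostIsTrusted(url.hostname);
}

// Hardened form: anything that is not a well-formed, trusted origin is rejected.
function strictOriginCheck(origin) {
  if (typeof origin !== "string" || origin === "" || origin === "null") {
    return false; // missing, empty and opaque ("null") origins are never trusted
  }
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // fails closed
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // An Origin header is scheme://host[:port] only; reject paths, userinfo, etc.
  if (url.origin !== origin) return false;
  return hostIsTrusted(url.hostname);
}

// Constructed sample header values, evaluated by both checks.
const SAMPLE_ORIGINS = ["http://app.example.com", "null", "http://evilexample.com"];

function compareChecks(origins) {
  return origins.map((o) => ({
    origin: o,
    weak: weakOriginCheck(o),
    strict: strictOriginCheck(o),
  }));
}
```

An Origin allow-list on its own remains a single point of failure for state-changing requests; a per-session CSRF token or a required custom header, both of which the post notes were absent, gives a second control.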