Menu

CORS Misconfiguration Vulnerabilities Scanner.

Discover Cross-Origin Resource Sharing(CORS) misconfigurations vulnerabilities of websites

Host Type Description Severity Exploitation ACAO Header ACAC Header

Host Type Description Severity Exploitation ACAO Header ACAC Header
Disclaimer

This tool is intended to help system administrators and other security researchers assess external threats on the website they OWN. Ensure that you are AUTHORIZED to perform scan. We are not liable of any damaged caused by misuse.

Notable features

  • Pre-domain bypass
  • Post-domain bypass
  • Backtick bypass
  • Null origin bypass
  • Unescaped dot bypass
  • Underscore bypass
  • Invalid value
  • Wild card value
  • Origin reflection test
  • Third party allowance test
  • HTTP allowance test
Impact and Risk of misconfigured CORS

Impact and Risk of misconfigured CORS

A CORS misconfiguration can leave the application at a high-risk of compromise resulting in an impact on the confidentiality and integrity of data by allowing third-party sites to carry out privileged requests through your web site’s authenticated users such as retrieving user setting information or saved payment card data

Background

Cross-origin resource access can be classified into two categories: cross-origin local resources access (e.g., for DOM, cookie) and cross-origin network resources access (e.g., for XMLHttpRequest). The former has been stud-ied in previous research [31, 45], and the latter is the fo-cus of this paper. More specifically, we study the ac-cess control mechanisms for both sending cross-originrequests and reading cross-origin responses