Exploiting CORS Misconfiguration using XSS
Hello All, This Post is about how i exploited a Cross Origin Resource Sharing (CORS) Misconfiguration with the help of Cross Site Scripting (XSS) After reporting some bugs to Netgear Kudos program I started getting old private program invites on Bugcrowd One of which was with 300+ researchers and running from 2015 I wasn't happy about that, As i thought I won't be able to find any thing as the program is running from such a long time and so many others have looked at it before me. Even if i will get something the chances of that being duplicate is high. But then Osama said this So I finally started looking at it and trying my best to find something, Got one P3 but it went duplicate :( But then I got an endpoint that was having simple CORS misconfiguration and the endpoint was giving user details like email address , age , g ender , DOB , etc in response It was triaged, paid and fix within a week I was happy and was planing ...