Creating a YouTube TV that could steal your private videos - $6,000 CSRF

  • Published: 21 Aug 2024

Comments • 18

  • @BugBountyReportsExplained
    @BugBountyReportsExplained 3 years ago +2

    Hi there! Welcome to the comment section. I hope you liked the video.
    If you like what I'm doing, sign up for the newsletter to learn with me even more: mailing.bugbountyexplained.com/

  • @reo4680
    @reo4680 3 years ago +2

    Awesome video! Keep going man! I'm proud that people from my country are finding bugs like this :)

  • @renganathanofficial
    @renganathanofficial 3 years ago +2

    good one as always :D

  • @machinexa1
    @machinexa1 3 years ago

    Keep up the good work

  • @pratyakshsingh7834
    @pratyakshsingh7834 3 years ago

    Perfectly explained.

  • @DavenSec
    @DavenSec 3 years ago

    Nice video like always ;)

  • @unurbayaramarsaikhan1362
    @unurbayaramarsaikhan1362 3 years ago

    Thanks for your work. It helps me to understand a bug. :)

  • @zTech300
    @zTech300 3 years ago

    Super

  • @mnageh-bo1mm
    @mnageh-bo1mm 3 years ago +2

    duh ... but 6k is too low for such a vuln

  • @cyberpirate007
    @cyberpirate007 2 years ago

    Google should hire him! 👏👏

  • @mnageh-bo1mm
    @mnageh-bo1mm 3 years ago

    Hey, how did he bypass the CORS policy that allows a site to send GET requests in the browser to another site that it doesn't own??

    • @BugBountyReportsExplained
      @BugBountyReportsExplained 3 years ago +3

      That's a good question. In this case, we send a POST request with an application/x-www-form-urlencoded content-type. As per my understanding of the CORS rules, this is considered a "simple request". Thus, the browser does NOT send the preflight request (the OPTIONS request which the browser sends to find out what the Access-Control-Allow-Origin header is). Instead, it straight away sends the POST request that we want and only then observes the headers in the response (ACAO in particular).
      In our case, the request will originate from the bad domain - one that is not whitelisted by the CORS policy. The browser will block us from reading the response, but the request was already sent. In the case of CSRF, we don't need to read the response - sending the request is enough for us.
      Reference: developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
      This topic is not easy - feel free to ask if you need any clarification.
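
      As an added example (not part of the video or of this comment thread), the two halves of the reply above in JavaScript: a classifier that applies the MDN "simple request" rules the reply links to (methods GET/HEAD/POST, only CORS-safelisted headers, and one of three Content-Type values), and a server-side check showing why CORS alone does not stop the state change: the cross-site POST reaches the handler un-preflighted, so the handler must verify the request's origin or a session-bound token it can only have received from its own page. The origin `https://app.example`, the attacker origin, the token value and the form fields are constructed for the example.

```javascript
// Added example: CORS "simple request" classification and a CSRF check.
// Safelist below is a simplified version of the MDN/Fetch rules (the
// full spec also limits Range and header value sizes).
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFELISTED_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_CONTENT_TYPES = new Set(['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);
// Headers the browser sets itself; page script cannot set them, so they never trigger a preflight.
const BROWSER_SET_HEADERS = new Set(['origin', 'host', 'cookie', 'referer', 'content-length',
  'sec-fetch-site', 'sec-fetch-mode', 'sec-fetch-dest']);

// True when the browser will send the request without an OPTIONS preflight.
function isSimpleRequest(method, headers) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return false;
  for (const [name, value] of Object.entries(headers)) {
    const lname = name.toLowerCase();
    if (BROWSER_SET_HEADERS.has(lname)) continue;
    if (!SAFELISTED_HEADERS.has(lname)) return false; // e.g. X-Requested-With forces a preflight
    if (lname === 'content-type') {
      const mime = value.split(';')[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mime)) return false; // application/json forces a preflight
    }
  }
  return true;
}

// Server side: the defence is not CORS (which only blocks the *read* of the
// response) but checking who sent the request and whether it carries a token
// the attacker's page could never have read.
function csrfCheck(req, allowedOrigin, expectedToken) {
  const h = req.headers;
  if (h.origin !== undefined && h.origin !== allowedOrigin) {
    return { allowed: false, reason: 'origin mismatch' };
  }
  if (h['sec-fetch-site'] === 'cross-site') {
    return { allowed: false, reason: 'sec-fetch-site is cross-site' };
  }
  const token = new URLSearchParams(req.body).get('csrf_token');
  if (token !== expectedToken) {
    return { allowed: false, reason: 'missing or wrong csrf_token' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed values (hypothetical origin and token, not from the report).
const ALLOWED_ORIGIN = 'https://app.example';
const SESSION_TOKEN = 'tok-constructed-123';

// Constructed: the form POST a CSRF page makes the victim's browser send.
const crossSitePost = {
  method: 'POST',
  headers: {
    origin: 'https://attacker.example',
    'sec-fetch-site': 'cross-site',
    'content-type': 'application/x-www-form-urlencoded',
  },
  body: 'video_id=constructed&visibility=public',
};

// Constructed: the same action submitted from the site's own page, with the token.
const sameOriginPost = {
  method: 'POST',
  headers: {
    origin: ALLOWED_ORIGIN,
    'sec-fetch-site': 'same-origin',
    'content-type': 'application/x-www-form-urlencoded',
  },
  body: 'video_id=constructed&visibility=public&csrf_token=' + SESSION_TOKEN,
};

function crossSitePostIsSimple() {
  return isSimpleRequest(crossSitePost.method, crossSitePost.headers); // true: no preflight
}
function crossSitePostBlocked() {
  return csrfCheck(crossSitePost, ALLOWED_ORIGIN, SESSION_TOKEN); // allowed: false
}
function sameOriginPostAllowed() {
  return csrfCheck(sameOriginPost, ALLOWED_ORIGIN, SESSION_TOKEN); // allowed: true
}

console.log('cross-site POST is simple (sent without preflight):', crossSitePostIsSimple());
console.log('cross-site POST:', crossSitePostBlocked());
console.log('same-origin POST:', sameOriginPostAllowed());
```

      The classifier confirms the reply's point: a form-encoded POST is "simple", so the browser sends it first and only afterwards decides whether the page may read the response. The handler in `csrfCheck` is what a site needs in addition to CORS: reject when the browser-supplied `Origin` or `Sec-Fetch-Site` header says the request is cross-site, and require a per-session token in the body that only the site's own page could have embedded.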

    • @mnageh-bo1mm
      @mnageh-bo1mm 3 years ago

      @@BugBountyReportsExplained
      Oh ... I get it ... I thought that you needed to read the response to get the attack to work ...
      Thanks a lot

    • @BugBountyReportsExplained
      @BugBountyReportsExplained 3 years ago

      @@mnageh-bo1mm No problem mate, it's good to hear a good question in the comments 😉

  • @krishg767
    @krishg767 3 years ago

    nice

  • @zbyszggo4626
    @zbyszggo4626 3 years ago

    This is next level shit