You already have access to these endpoints + there's no sensitive information inside them only public info, it's an informative in the best case.
Bro, I got my domain reflection in the request, but when I add the target in the HTML code and try to open it, it's giving me 403. Any idea how to bypass this?
This vulnerability is N/A
Where did you report this vulnerability? Like, do they have a bb program or email from website only?
Bro, if you can access it by default, why the need for CORS?!
We need to check whether there is a CORS misconfiguration vulnerability or not
thanks for the reply dude!!
So if there was proper authorization control on the endpoint you would exploit the CORS misconfiguration, but in your case it's just Sensitive Data Exposure by just navigating to the endpoint, right??! @@CybeR_FrosT
Can you please explain both exploits, bcz I know the first one but not the second... Also, the given GitHub link does not have that script, plz paste it in a comment if possible.
github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CORS%20Misconfiguration
bounty?
How to get the HTML code?
Is getting the /wp/v2/users/ also a vuln?
yup
But nowadays this is only informative or N/A.
Bro, did you buy Burp Suite Professional or crack?
Crack😉
oh okay @@CybeR_FrosT
@@CybeR_FrosT how do you get cracked one
What is the Bypass here?
CORS mechanism
need both scripts...
where I will get?
github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CORS%20Misconfiguration/README.md
rewarded ?
Yup💲💲💲💲😉
@@CybeR_FrosT 1000$ 😅 I know
critical??
Medium
N/A😂
Platform.... HackerOne? Yogosha 😊
Dorking bro
Bro, I message you on LinkedIn
Ok I'll check