From 9992990e40921ea9261112520c7cb25da25af0a7 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Sun, 25 Oct 2020 14:01:53 +0100 Subject: [PATCH] Update README.md --- CORS Misconfiguration/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md index 32e8deb0..32f00ad7 100644 --- a/CORS Misconfiguration/README.md +++ b/CORS Misconfiguration/README.md @@ -14,6 +14,11 @@ * [Corsy - CORS Misconfiguration Scanner](https://github.com/s0md3v/Corsy/) * [PostMessage POC Builder - @honoki](https://tools.honoki.net/postmessage.html) +## Prerequisites + +* BURP HEADER> `Origin: https://evil.com` +* VICTIM HEADER> `Access-Control-Allow-Credential: true` +* VICTIM HEADER> `Access-Control-Allow-Origin: https://evil.com` OR `Access-Control-Allow-Origin: null` ## Exploitation
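Review bot: The second added bullet under `## Prerequisites` misspells the header name: `Access-Control-Allow-Credential: true` should be `Access-Control-Allow-Credentials: true` (plural). Browsers only recognise the plural form, so anyone searching responses for the singular string will miss the condition. The labels `BURP HEADER>` and `VICTIM HEADER>` would be clearer as "request header" and "response header". The list should also say whether the items are alternatives or all required: the `Origin` request header has to be reflected in `Access-Control-Allow-Origin` (or answered with `null`) and `Access-Control-Allow-Credentials: true` has to be present in the same response.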