by jamesjguthrie
2086 days ago
It's a necessity that, when implemented improperly, leaves a sizeable security hole. I recently got a bug bounty for finding a CORS vulnerability and showing a proof-of-concept phishing site that uses all of the resources from the genuine origin. The site was accepting a wildcard origin whereas it should've used a whitelist.
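The wildcard-versus-whitelist difference the comment describes, as an added example that is not part of the original comment or the affected site's code. The origins, function names and sample values are constructed placeholders.

```javascript
// Constructed allowlist: placeholder origins, not taken from the original comment.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Weak policy: every origin, including a lookalike site, may read responses.
function wildcardPolicy(_origin) {
  return { "Access-Control-Allow-Origin": "*" };
}

// Hardened policy: echo the Origin header only on an exact allowlist match.
function allowlistPolicy(origin) {
  // Vary: Origin stops a shared cache replaying one origin's grant to another.
  const headers = { Vary: "Origin" };
  // Exact string match on purpose: no prefix, suffix or regex tests, so
  // "https://app.example.com.lookalike.test" and "null" never pass.
  if (typeof origin === "string" && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// True when a browser page served from `origin` could read the response.
function grantsRead(headers, origin) {
  const acao = headers["Access-Control-Allow-Origin"];
  return acao === "*" || (acao !== undefined && acao === origin);
}

// Constructed sample Origin header values.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://app.example.com.lookalike.test",
  "http://app.example.com",
  "null",
];

// Evaluate both policies against each sample origin.
function compare(origins) {
  return origins.map((o) => ({
    origin: o,
    wildcard: grantsRead(wildcardPolicy(o), o),
    allowlist: grantsRead(allowlistPolicy(o), o),
  }));
}

console.table(compare(SAMPLE_ORIGINS));
```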