CORS Misconfigurations: How Hackers Steal Your Cookies?
Author: Medusa
Uploaded: 2025-10-03
Views: 3960
🐍 Portfolio: https://portfolio.medusa0xf.com/
✍️ Bug Bounty WriteUps: / medusa0xf
CORS misconfigs are low‑effort, high‑reward bugs that let apps leak session data if ignored.
I’ll show what these misconfigs actually do, real examples that make them dangerous, and how to spot them quickly.
--------------------------------------------------------------------------------------------------------------------------------------------
Reports:
https://hackerone.com/reports/426165
https://hackerone.com/reports/758785
https://0xn3va.gitbook.io/cheat-sheet...
-------------------------------------------------------------------------------------------------------------------------------------------
Timestamp:
Introduction: 0:00
What is Origin: 0:27
What is Same Origin: 0:52
Cross Origin and Headers: 1:29
Live Demo of Leaking Data: 2:48
Report 1: 7:58
Report 2: 11:53
Preflight & Cheatsheet: 13:41
Thoughts: 18:38