Basic Test
curl -H "Origen:http://evil.com" --verbose http://www.test.com/example/testpage.phpServer Response
Access-control-allow-origens:* --- Vulnerable
Access-control-allow-origens: [null] --- Vulnerable
Access-control-allow-origens:http://evil.com --- Vulnerable
2x-Headers
Origen:http://evil.com
Origen:http://evil.comMethod2 [No HTTPS]
Req=> Origen:http://www.google.comRes=>Access-control-allow-origens:http://www.google.com
Res=>Access-control-allow-credentials:trueIf it is the respone then the Contents can be loaded from The
Note that if you have found an unsecure web app which allows all the domains to make requests to the sensitive infomation on the server try to find out the http method alow while making the request try using DELETE and put request if they are allowed !
Testing Crossdomain.xml
<allow-access-from domain="*"/> --- Vulnerable Completely