HowToHunt.md
API Testing
- Hidden API Functionality Exposure
- Reverse Engineer an API
Account Takeover Methodology
- Account Takeover Methodology
Application Level DoS
- Application Level DoS Methods
Authentication Bypass
Broken-Link Hijacking
- Broken-Link Hijacking
Broken Auth And Session Management
- Session Based Bugs
CMS
CORS
- CORS
- CORS Bypasses
CSRF
Finding CVEs
- CVES
CheckList
Web Page Source Code Review
- Web Page Code Review Tips
EXIF Geo Data Not Stripped
- EXIF Geo Data Not Stripped
File Upload Bypass
- File Upload Bypass
Find Origin IP
- Find Origin
GraphQL
- GraphQL
HTTP Desync Attack
- HTTP_Desync
Host-Header Attack
- Host-Header
HTML-Injection
- HTML-Injection
IDOR
- IDOR
JWT ATTACK
- JWT
JIRA ATTACK
- JIRA
MFA Bypass
- MFA Bypasses
- 2FA-Bypass
Misconfigurations
OAuth
- OAuth
- OAuth Hunting
Open Redirection
- Find OpenRedirect Trick
- Open Redirection Bypass
Parameter Pollution
- Parameter Pollution In Social Sharing Buttons
Password Reset Functionality
Rate Limit
Race Condition
- Race Condition
Recon
SQLi
- SQL Injection.md
SAML
- SAML
SSRF
- SSRF
- Blind SSRF
SSTI
- SSTI
Sign Up Functionality
- Sign Up Bugs
- Sign Up MindMap
Sensitive Info Leaks
Status Code Bypass
- Status_Code_Bypass Tips
- 403 Bypass
Subdomain Takeover
Tabnabbing
- Tabnabbing
WAF Bypasses
- WAF Bypass Using Headers
Weak Password Policy
- Weak Password Policy
XSS
XXE
- XXE Methods
- Billion Laugh Attack

Powered by GitBook

On this page

CORS Bypass
Authors
Reference Tweets

CORS

CORS Bypasses

CORS Bypass

Origin:null
Origin:attacker.com
Origin:attacker.target.com
Origin:attackertarget.com
Origin:sub.attackertarget.com
Origin:attacker.com and then change the method Get to post/Post to Get
Origin:sub.attacker target.com
Origin:sub.attacker%target.com
Origin:attacker.com/target.com

Authors

@tamimhasan404

Reference Tweets

https://twitter.com/trbughunters/status/1287023673845612546

https://twitter.com/Paresh_parmar1/status/1265251507655630848

https://twitter.com/Alra3ees/status/1141504347089584128

PreviousCORS NextCSRF

Last updated 4 years ago