Our security team identified that the web server accepts an arbitrary Origin request header. The application implements a cross-origin resource sharing (CORS) policy for this request that allows access from any domain. We tried requests with different origins (www.fakedomain.com) and they are accepted by the server, and a valid response is sent back. (PoC attached: “cors origin”)
Although, in our case
the security team was still able to successfully request access from a different domain.
Please help us understand whether there are any additional steps to be followed to ensure that,
Hi AnalystHOK,
Were you able to execute a script?
In the HTTP header, when the parameter “Origin: https://fakedomain.com” was passed,
the web server accepted the arbitrary Origin header and sent a valid response code 200.