Cross Origin Resource Sharing (CORS) Vulnerability | BugBountyTraining | Bug Bounty Service 

Glad you liked it!

That totally depends. In a Penetration Test it's a finding with low CVSS score. In Bug Bounty it's usually closed as informative however I had 2 companies pay me as a low. Normally they say in the Ts and Cs. CORS with impact. To pass cookies and make it impactful you need the allow credentials. Hope that makes sense?

Thanks

Thank you

They probably need authentication. Most API endpoints will require some sort of authentication.

Not necessarily. A 302 is a temporary redirect. you should check how the redirect is initiated. If it's via "Location" usually you cant pull anything meaningful of. Sometimes however it will redirect via window.location and then you might be able to introduce XSS

Yes absolutely. As a matter of fact you see CORS vulnerabilities often on POST requests

For Bug Bounty you often don't need to exploit it and just report the reflected headers. Some will accept it and some won't. For impact it depends. Take a look at the CORS labs from the Web Security Academy. Typically you make an Ajax call from your own host to a sensitive (behind login) function

yes

sorry, i listened for few minutes but you just repeated how this vulnerability works.

Ensure that the server only allows trusted origins to make cross-origin requests by properly configuring the Access-Control-Allow-Origin header. Additionally, use proper authentication and authorization mechanisms to prevent unauthorized access to sensitive resources.