wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-24 05:56:27 +02:00
Code Issues Releases Activity

Merge pull request #191 from drakang4/patch-1 

Fix typo
This commit is contained in:
Swissky 2020-04-22 09:59:31 +02:00 committed by GitHub
parent bf73393921 c2b8018617
commit 298da2d4e4
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CORS Misconfiguration/README.md
View File

@ -131,7 +131,7 @@ https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
### Vulnerable Example: Wildcard Origin `*` without Credentials
If the server responds with a wildcard origin `*`, the browser does never send
the cookies. Howver, if the server does not require authentication, it's still
the cookies. However, if the server does not require authentication, it's still
possible to access the data on the server. This can happen on internal servers
that are not accessible from the Internet. The attacker's website can then
pivot into the internal network and access the server's data withotu