A case of a misconfigured CORS implementation
During a recent penetration test I conducted against one of our client’s websites, I found an interesting case of a misconfigured CORS implementation that I would like to quickly showcase in this post. From Wikipedia, cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a