Exploiting CORS Misconfigurations for Bitcoins and Bounties - AppSec EU 2017

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses, Penetration Testing Courses, Open Redirect Courses, API Security Courses, Browser Security Courses, Cache Poisoning Courses

Course Description

Overview

Explore the intricacies of Cross-Origin Resource Sharing (CORS) misconfigurations and their potential for exploitation in this 37-minute conference talk from AppSec EU 2017. Delve into under-appreciated subtleties within the CORS specification, illustrated through real-world attacks on websites. Learn how these vulnerabilities could be leveraged to steal bitcoins from exchanges, partially bypass Google's HTTPS implementation, and obtain API keys from various sources. Discover how CORS misconfigurations can be pivotal in crafting exploit chains across protocols, exploiting seemingly unexploitable vulnerabilities through cache poisoning, and escalating open redirects into notable security issues. Gain insights into core concepts, wildcards, origin reflection, and various attack vectors, while also exploring lessons for pentesters, developers, and browser manufacturers. Conclude with key takeaways and resources for further reading on this critical web security topic.

Syllabus

Intro
A MORAL STORY
OVERVIEW
CORE CONCEPT
WILDCARDS
SOLUTION
ORIGIN REFLECTION
STARTSWITH
ENDSWITH
NULL ORIGIN
exHTTPS
SUBDOMAINS
TUNNELLING
CACHE POISONING: CLIENT-SIDE
CACHE POISONING: SERVER-SIDE
PENTESTER LESSONS
SPEC LESSONS
BROWSER LESSONS: Multiple origins
DEVELOPER LESSONS
TAKE-AWAYS
FURTHER READING

Taught by

OWASP Foundation
