chenjj / CORScanner

🎯 Fast CORS misconfiguration vulnerabilities scanner

Home Page: https://pypi.org/project/cors/

Trust_null with wrong result

hayicle opened this issue · comments

Hi,

As I tested in the PortSwigger lab, the result is wrong with trust_null.

2020-08-12 17:24:32 INFO Start checking trust_null for https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails

response_header={'access-control-allow-origin': 'null', 'access-control-allow-credentials': 'true', 'content-type': 'application/json; charset=utf-8', 'x-xss-protection': '0', 'content-encoding': 'gzip', 'connection': 'close', 'content-length': '98'}
=> vulnerable
2020-08-12 17:24:34 INFO nothing found for {url: https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails, origin: null, type: trust_null}
=> however nothing found

Could you please have a look?
Have a nice day ^^!

Oh...too bad... Thank you for pointing it out, @hayicle.
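
The check this report expects, as an added example that is not CORScanner's code: it classifies the response to a request sent with `Origin: null` and is run on the headers from the log above. The function name, the result fields and the severity labels are assumptions made for illustration.

```python
from typing import Mapping, Optional


def check_trust_null(headers: Mapping[str, str]) -> Optional[dict]:
    """Classify the response to a request that was sent with 'Origin: null'.

    Returns a finding dict when the server trusts the null origin, else None.
    """
    # Header names are case-insensitive; values may carry stray whitespace.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    # Browsers compare the serialized origin byte for byte, so only the
    # literal string "null" matches. "*" or a missing header is not this finding.
    if acao != "null":
        return None
    # The Fetch CORS check accepts the credentials flag only as exactly "true".
    credentials = h.get("access-control-allow-credentials") == "true"
    return {
        "type": "trust_null",
        "origin": "null",
        "credentials": credentials,
        # Hypothetical labels: credentialed reads are the serious case.
        "severity": "high" if credentials else "low",
    }


# Response headers copied from the log in the issue above.
ISSUE_HEADERS = {
    "access-control-allow-origin": "null",
    "access-control-allow-credentials": "true",
    "content-type": "application/json; charset=utf-8",
    "x-xss-protection": "0",
    "content-encoding": "gzip",
    "connection": "close",
    "content-length": "98",
}

# Constructed variants covering the edge cases the check has to handle.
SAMPLES = {
    "issue log": ISSUE_HEADERS,
    "mixed-case names": {"Access-Control-Allow-Origin": " null ",
                         "Access-Control-Allow-Credentials": "true"},
    "no credentials": {"access-control-allow-origin": "null"},
    "wildcard": {"access-control-allow-origin": "*"},
    "no CORS headers": {"content-type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {check_trust_null(hdrs)}")
```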