{"height":"190","type":"rich","categories":["Bug Bounty"],"title":"Missing CORS leads to Complete Account Takeover\u3092\u8a33\u3057\u3066\u307f\u305f","author_name":"ThisIsOne","published":"2022-03-21 10:32:18","version":"1.0","blog_title":"Shikata Ga Nai","description":"Hello there, ('\u03c9')\u30ce CORS\u304c\u306a\u3044\u5834\u5408\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u5b8c\u5168\u306a\u4e57\u3063\u53d6\u308a\u306b\u3064\u306a\u304c\u308b\u3092\u3002 \u8106\u5f31\u6027\uff1a \u6b20\u843d\u3057\u3066\u3044\u308bCORS CSRF \u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u4e57\u3063\u53d6\u308a \u8a18\u4e8b\uff1a https://nirajmodi51.medium.com/missing-cors-leads-to-complete-account-takeover-1ed4b53bf9f2 \u4eca\u56de\u306e\u30bf\u30fc\u30b2\u30c3\u30c8\u3067\u30c6\u30b9\u30c8\u3057\u3066\u3044\u3066\u3002 \u30c9\u30e1\u30a4\u30f3\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5168\u4f53\u306eCSRF\u304c\u3042\u308b\u3053\u3068\u3092\u767a\u898b\u3057\u3066\u3002 \u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u3066\u3044\u305f\u306e\u3067\u3001\u3053\u306e\u30d0\u30b0\u3092\u4ed6\u306e\u30d0\u30b0\u3068\u9023\u9396\u3055\u305b\u308b\u3068\u3002 \u4f55\u304b\u9762\u767d\u3044\u3082\u306e\u304c\u898b\u3064\u304b\u308b\u304b\u3082\u3057\u308c\u306a\u3044\u3068\u601d\u3063\u3066\u3002 Burp Suite\u3092\u8d77\u52d5\u3057\u3001\u3055\u2026","provider_name":"Hatena Blog","width":"100%","url":"https://cysec148.hatenablog.com/entry/2022/03/21/103218","image_url":null,"blog_url":"https://cysec148.hatenablog.com/","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2022%2F03%2F21%2F103218\" title=\"Missing CORS leads to Complete Account Takeover\u3092\u8a33\u3057\u3066\u307f\u305f - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","provider_url":"https://hatena.blog"}