{"categories":["Bug Bounty"],"width":"100%","type":"rich","title":"Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure\u3092\u8a33\u3057\u3066\u307f\u305f","published":"2022-03-31 15:53:14","description":"Hello there, ('\u03c9')\u30ce CORS\u3092\u60aa\u7528\u3057\u3066IDOR\u653b\u6483\u3092\u5b9f\u884c\u3057\u3001PII\u60c5\u5831\u306e\u958b\u793a\u306b\u3064\u306a\u304c\u308b\u3092\u3002 \u8106\u5f31\u6027\uff1a CORS\u306e\u8a2d\u5b9a\u30df\u30b9 \u60c5\u5831\u958b\u793a \u8a18\u4e8b\uff1a https://notmarshmllow.medium.com/exploiting-cors-to-perform-an-idor-attack-leading-to-pii-information-disclosure-95ef21ecf8ee \u4eca\u56de\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u3001E\u30b3\u30de\u30fc\u30b9\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3067\u3042\u308a\u3002 \u3044\u3064\u3082\u306e\u3088\u3046\u306b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30d3\u30b8\u30cd\u30b9\u30ed\u30b8\u30c3\u30af\u306e\u8106\u5f31\u6027\u3092\u63a2\u3057\u3066\u3044\u3066\u3002 \u6700\u521d\u306e\u6570\u6642\u9593\u306f\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u3092\u7406\u89e3\u2026","version":"1.0","provider_url":"https://hatena.blog","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/T/ThisIsOne/20220331/20220331155827.png","url":"https://cysec148.hatenablog.com/entry/2022/03/31/155314","provider_name":"Hatena Blog","author_name":"ThisIsOne","blog_title":"Shikata Ga Nai","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2022%2F03%2F31%2F155314\" title=\"Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure\u3092\u8a33\u3057\u3066\u307f\u305f - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","blog_url":"https://cysec148.hatenablog.com/","height":"190"}