CORS - Lab #1 CORS vulnerability with basic origin reflection | Long Video

you are amazing ^_

There was never ...even once anything mentioned related to the admin account in our script...still how come the logs display the admin info??

the GOAT of explainig

Thanks

@Rana Khalil is it necessary that i must write a script to go through i dont know how to code im trying to get started in bug bounty

It's very difficult for to send email to an admin when you don't have his email. I tried to do a pentesting on website, I found the admin username but not his email. Is there any other solution @Rana ?

what if the request is using only post method? how to create the payload??

Since in the fetch method, there is not the full uri given, how does the fetch method know that it has to GET-Request the exploit server? 🤯

what's the significance of apikeys why is it a secret information? what can you do with it? and wouldn't the session key be more critical because you can steal it and impersonate a user?

Great work! Thanks for explaining how to solve the lab without the "Go to exploit server" functionality.

Girl your explanation is fantastic. Much love, keep going

Thanks from Brasil, you are amazing!!

لايك وانا مغمض

top

I love your videos. keep up the good work. Thank you.