AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle

  • Published 16 Jan 2025

COMMENTS • 32

  • @haythamkt5607 11 months ago +2

    The more I watch this man’s videos the more I respect him.

  • @ihebhamad1477 4 months ago +3

    James is a legend thank you for this presentation

  • @tayfun6378 5 years ago +5

    I smiled when I heard James' voice! love you man!

  • @RyanDewhurst 7 years ago +5

    Great presentation and information!

  • @smiley_1000 3 years ago +3

    This all seems more like an issue with the browser being all too happy to share secrets between sites rather than an issue with the sites themselves.

    • @8ytan 1 year ago +3

      The browser by default does not allow cross-origin requests; these are all examples of sites specifically telling browsers that cross-origin requests should be allowed. The ability to permit certain cross-origin requests is incredibly useful and without it most services on the internet would break.

    • @tuandane82 1 year ago

      @8ytan Does the CORS exploit work against the Authorization header as well, or only pass the session cookie?

    • @8ytan 1 year ago

      @tuandane82 In theory, if you're using an authorisation header containing an access token to authenticate, then misconfigured CORS isn't a huge concern because attempts to exploit the weak CORS policy will lack a valid token and therefore fail. That said, it's still good practice to think about what origins, methods etc. will reasonably need to access your service and configure the CORS headers accordingly.

    • @shubham_srt 1 year ago

      @tuandane82 As far as I know, yes, it works

    • @jub0bs 19 days ago

      @8ytan Careful: browsers do not by default block all cross-origin requests, even those issued by a JavaScript-based client (e.g. fetch) and those carrying cookies.
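
As an added example, not written by any commenter or taken from the talk: the thread above turns on what a site's CORS headers tell the browser, so this sketch models the Fetch Standard's CORS check (whether a cross-origin script may read a response) and uses it to audit two server policies. The policy functions, the `TRUSTED` allowlist and the probe origins are hypothetical and constructed for illustration.

```javascript
// Model of the Fetch Standard "CORS check": may a cross-origin script READ the
// response? It does not model whether the request is sent, or preflights.
function corsCheck(requestOrigin, credentialsMode, headers) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return false;             // site did not opt in
  if (credentialsMode !== 'include' && acao === '*') return true;
  if (acao !== requestOrigin) return false;         // exact match; "*" fails with credentials
  if (credentialsMode !== 'include') return true;
  return headers['access-control-allow-credentials'] === 'true';
}

// Hypothetical server policies: each maps the request's Origin to CORS headers.
const TRUSTED = new Set(['https://app.example']);   // constructed allowlist

function reflectAnyOrigin(origin) {                 // weak: trusts whatever it is sent
  return {
    'access-control-allow-origin': origin,
    'access-control-allow-credentials': 'true',
  };
}

function allowlistOrigin(origin) {                  // corrected: opt in only for known origins
  if (!TRUSTED.has(origin)) return { vary: 'Origin' };
  return {
    'access-control-allow-origin': origin,
    'access-control-allow-credentials': 'true',
    vary: 'Origin',
  };
}

// Defender's check: which origins that were never approved could read a
// credentialed response under this policy? Probe origins are constructed.
function auditPolicy(policy) {
  const probes = ['https://untrusted.example', 'https://other.example'];
  return probes.filter((o) => corsCheck(o, 'include', policy(o)));
}

console.log('reflectAnyOrigin exposes:', auditPolicy(reflectAnyOrigin));
console.log('allowlistOrigin exposes:', auditPolicy(allowlistOrigin));
```

A non-empty result from `auditPolicy` means the policy grants credentialed read access to an origin nobody approved.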

  • @saurav2281 7 years ago +2

    Very well explained..

  • @shubham_srt 1 year ago

    What if cookies are set to Lax but Access-Control-Allow-Credentials is being sent as true? As Lax does not allow cookies to be set in XHR requests, how will the cookies be sent?

    • @somebody3014 9 months ago

      Wondering about the same thing, did you find the answer?

    • @shubham_srt 9 months ago

      @somebody3014 Hey man, Lax settings are prioritised. Even if one condition is false, the cookies are not sent.
      So in my question, cookies will not be sent, as even if Allow Credentials is true, the cookies are Lax (one true condition and one false). No cookies will be sent.
      Hope that clears the doubt.

    • @jub0bs 19 days ago

      Careful: SameSite=Lax cookies may be included in JavaScript-based requests that cross Web origins. Look up "The great SameSite confusion". 😉

  • @pat049b 4 years ago

    Amazing work!

  • @yoshi5113 1 year ago +1

    My favorite hacker

  • @ar-uh1dj 4 years ago

    Amazing presentation. Thumbs up

  • @nicoladellino8124 6 years ago

    Nice video

  • @hirapirika7456 7 years ago

    WILL BITCOIN GET ATTACKED ?? IN FUTURE OR EXPLOITS ?

  • @hackersguild8445 6 years ago

    Great.:)

  • @jattboe8617 5 years ago

    21:47

  • @gokus22 7 years ago

    Awesome

  • @pranjalruhela1103 1 year ago

    Zomato didn't reply because they are an Indian company.

    • @shubham_srt 1 year ago

      They have always replied to me within hours! Surprised to see James getting ghosted, kinda weird, but it was 2017, maybe stuff was different back then