Friday, May 12 • 12:25 - 13:10
Exploiting CORS Misconfigurations for Bitcoins and Bounties

Cross-Origin Resource Sharing (CORS) is a mechanism for relaxing the Same Origin Policy to enable communication between websites via browsers. It’s already widely understood that certain CORS configurations are dangerous. In this presentation, I'll skim over the old knowledge then coax out and share with you an array of under-appreciated but dangerous subtleties and implications buried in the CORS specification. I'll illustrate each of these with recent attacks on real websites, showing how I could have used them to steal bitcoins from two different exchanges, partially bypass Google's use of HTTPS, and requisition API keys from numerous others. I'll also show how CORS blunders can provide an invaluable link in crafting exploit chains to pivot across protocols, exploit the unexploitable via server and client-side cache poisoning, and even escalate certain open redirects into vulnerabilities that are actually notable.

Speakers
James Kettle

Head of Research, PortSwigger Web Security
James Kettle is head of research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities, and the new Burp Collaborator system for identifying and exploiting asynchronous blind code injection.

James has extensive experience cultivating novel attack techniques, including server-side RCE via Template...


Friday May 12, 2017 12:25 - 13:10
Waterfront Center: Hall 1A