cors-cross-origin-misconfiguration
Community
Find CORS trust bugs and credentialed leaks.
Software Engineering #web security #cors #preflight #cross-origin #cache poisoning #origin validation #credentialed requests
Author: DorianGallo
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps you identify CORS misconfigurations that allow cross-origin pages to read authenticated API responses, turning browser trust mistakes into real data exposure.
Core Features & Use Cases
- Credentialed CORS exposure analysis: Triages `Access-Control-Allow-Origin`, `Access-Control-Allow-Credentials`, and preflight behavior to determine whether an attacker-controlled origin can read responses with cookies.
- Origin validation failure patterns: Reviews reflection, wildcard/allowlist bypasses, `null` origin acceptance, and caching mistakes (missing `Vary: Origin`) that can enable CORS cache poisoning.
- Actionable exploitation scenarios: Provides JSONP hijacking context, null-origin sandbox testing, Vary/origin caching verification, and an end-to-end internal-network CORS exploitation chain for realistic assessment.
Quick Start
Use the cors-cross-origin-misconfiguration skill to test a target endpoint for reflected origins, credential handling, preflight policy issues, and bypassable trust boundaries.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: cors-cross-origin-misconfiguration Download link: https://github.com/DorianGallo/hack-skills-local/archive/main.zip#cors-cross-origin-misconfiguration Please download this .zip file, extract it, and install it in the .claude/skills/ directory.