Question

An SOP-bypass bug often means that attackers can read private information or execute action as other users. This means that these vulnerabilities are often of high severity before any escalation attempts. But you can still escalate SOP-bypass issues by automation or by pivoting the attack using the information you’ve found. Can you harvest large amounts of user data by automating the exploitation of the SOP bypass? Can you use the information you’ve found to cause more damage? For example, if you can extract the security questions of a victim, can you use that information to completely take over the user’s account?

SOP 绕过漏洞经常意味着攻击者可以读取私人信息或作为其他用户执行操作。这意味着在任何升级尝试之前，这些漏洞通常具有高危性。但您仍然可以通过自动化或使用发现的信息轴心攻击来升级 SOP 绕过问题。通过自动化利用 SOP 绕过来收集大量用户数据吗？您可以使用找到的信息造成更多的破坏吗？例如，如果可以提取受害者的安全问题，您是否可以使用该信息完全接管用户的帐户？

Many researchers will simply report CORS misconfigurations without showing the impact of the vulnerability. Consider the impact of the issue before sending the report. For instance, if a publicly readable page is served with a null Access-Control-Allow-Origin header, it would not cause damage to the application since that page does not contain any sensitive info. A good SOP-bypass report will include potential attack scenarios and indicate how attackers can exploit the vulnerability. For instance, what data can the attacker steal, and how easy would it be?

许多研究人员会简单地报告 CORS 配置错误，而不展示漏洞的影响。在发送报告之前，请考虑该问题的影响。例如，如果公开可读的页面使用空的访问控制允许来源标头，那么它不会对应用程序造成损害，因为该页面不包含任何敏感信息。一个好的 SOP-bypass 报告将包括潜在的攻击场景，并指出攻击者如何利用漏洞。例如，攻击者可以窃取什么数据，以及这有多容易？