Access Control based on Origin Header - Insecure Demo
acCOR.php, located at www.andlabs.net, reveals sensitive information to cross-origin requests (CORs) from www.andlabs.org.
Cross-origin requests from other websites are not permitted, and even accessing the page directly
only reveals a normal page with no sensitive information.
This page uses only the Origin header as an access control parameter.
Since any HTTP client can send an arbitrary Origin header, this check is easily bypassed by spoofing the header with a client-side program like wget.
E.g.: wget --header="Origin: http://www.andlabs.org" www.andlabs.net/html5/acCOR.php
PHP Source of http://www.andlabs.net/html5/acCOR.php:
<?php
// Vulnerable by design: the Origin header is the only access-control check.
if ($_SERVER['HTTP_ORIGIN'] == "http://www.andlabs.org")
    echo "This is sensitive information only available to requests from www.andlabs.org";
else
    echo "This is just a normal page with no sensitive information";
To make a request to this page from www.andlabs.org and view the response click here.
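For comparison, here is a hardened counterpart to acCOR.php. It is an added example, not the demo's own code: it assumes a login flow that sets $_SESSION['user'], and it uses the Origin header only to decide which browser origins may read the response (the CORS grant), never to decide who may see the data.

```php
<?php
// Hardened counterpart to acCOR.php (added example, not the original demo code).
// Two separate decisions:
//   1. Authorization: who may see the sensitive data -> an authenticated session,
//      never the Origin header (any HTTP client can send an arbitrary Origin).
//   2. CORS: which browser origins may READ the response -> an exact-match allowlist
//      used only to emit Access-Control-Allow-Origin. This protects the user's
//      browser session from other sites; it does not protect the server.
session_start();

// Assumed allowlist for the demo; exact string comparison, no substring or regex matching.
$allowedOrigins = ['http://www.andlabs.org'];

$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
header('Vary: Origin');
if (in_array($origin, $allowedOrigins, true)) {
    // Only allowlisted origins get the credentialed CORS grant; never combine
    // Access-Control-Allow-Origin: * with Access-Control-Allow-Credentials: true.
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Access-Control-Allow-Credentials: true');
}

// Authorization depends on the session established at login (assumed to set
// $_SESSION['user']). A scripted request with a spoofed Origin but no valid
// session cookie therefore gets the public page, exactly like a direct visit.
if (isset($_SESSION['user'])) {
    echo "This is sensitive information only available to authenticated users";
} else {
    echo "This is just a normal page with no sensitive information";
}
```

With this layout the wget command above still receives an Access-Control-Allow-Origin header but no sensitive data, because the data is gated by the session rather than by the spoofable Origin value.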