forked from six2dez/burp-bounty-profiles
AllowCredentials.bb
[{"Name":"Access-Control-Allow-Credentials","Enabled":true,"Scanner":2,"Author":"n00py","UrlEncode":false,"Grep":["true,Or,Access-Control-Allow-Credentials: true"],"Tags":["All"],"PayloadResponse":false,"NotResponse":false,"isTime":false,"iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"isurlextension":false,"NegativeUrlExtension":false,"MatchType":1,"RedirType":1,"MaxRedir":0,"payloadPosition":0,"grepsFile":"","IssueName":"Access-Control-Allow-Credentials: True","IssueSeverity":"Information","IssueConfidence":"Certain","IssueDetail":"The application sets the HTTP response header Access-Control-Allow-Credentials: true. On its own this is informational; it becomes a concern when the server also reflects the request's Origin into Access-Control-Allow-Origin, because a page on another origin could then read authenticated responses. An attempt should be made to manipulate the Origin request header to see whether origins are being reflected into the response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","VariationAttributes":[],"InsertionPointType":[],"Scantype":0,"pathDiscovery":false}]