CORS misconfigurations are often overlooked, but they can have severe consequences. We demonstrate how reflecting the Origin header leads to code execution in Whistle.
The post "Never Underestimate CSRF: Why Origin Reflection is a Bad Idea" appeared first on Security Boulevard.