Update README.md

mangzee · Oct 25, 2020 · 9992990 · 9992990
1 parent 91fc542
commit 9992990
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md
@@ -14,6 +14,11 @@
 * [Corsy - CORS Misconfiguration Scanner](https://github.com/s0md3v/Corsy/)
 * [PostMessage POC Builder - @honoki](https://tools.honoki.net/postmessage.html)
 
+## Prerequisites
+
+* BURP HEADER> `Origin: https://evil.com`
+* VICTIM HEADER> `Access-Control-Allow-Credential: true`
+* VICTIM HEADER> `Access-Control-Allow-Origin: https://evil.com` OR `Access-Control-Allow-Origin: null`
 
 ## Exploitation