skills.homes logoskills.homescapability registry
home/categories/security/wgpsec-aboutsecurity-skills-exploit-cors-misconfiguration-skill-md
cd ..
securitytesting-security

cors-misconfiguration

CORS 跨域配置错误检测与利用。当目标 API 返回 Access-Control-Allow-Origin 响应头、需要跨域访问敏感数据、或发现 Origin 头被反射回响应中时使用。可导致用户敏感数据窃取

View Sourcesecurity
wgpsec
maintainer
wgpsec
Updated 3/27/2026
Stars
1109
Forks
193
quick start

Installation and usage

CORS 跨域配置错误检测与利用。当目标 API 返回 Access-Control-Allow-Origin 响应头、需要跨域访问敏感数据、或发现 Origin 头被反射回响应中时使用。可导致用户敏感数据窃取

Installation
$ install --globalskills.sh
Usage

Once installed, you can use this skill by running the following command in your terminal:

skills use cors-misconfiguration