Think Outside the Scope: Advanced CORS Exploitation Techniques

Information Disclosure

Two different cases of how I was able to exploit a CORS misconfiguration: the first case is based on an XSS and requires thinking outside of the scope, and the second is based on an advanced CORS exploitation technique.

https://medium.com/@sandh0t/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397