GitHub Security Lab published an article on localhost dangers, CORS and DNS rebinding — and they directly reference and recommend my research on CORS misconfiguration attacks.
Here’s the exact moment: How can attackers exploit a CORS misconfiguration
This feels great. Really great.
If you haven’t read the original, here it is — complete with code examples and diagrams:
Bypassing browser tracking protection for CORS misconfiguration abuse