PHP CORS Wildcard Origin
Description
Detects insecure CORS (Cross-Origin Resource Sharing) configurations in PHP applications where the Access-Control-Allow-Origin response header is set to the wildcard value (*) or reflects the request's Origin header without validation. This misconfiguration allows any domain to make cross-origin requests to your application, potentially enabling malicious sites to read sensitive data from the responses.
Detection Strategy
• Identifies PHP header() function calls in the application code
• Checks whether the header being set is a CORS header (e.g. Access-Control-Allow-Origin)
• Flags cases where the CORS header uses the wildcard (*) value, which allows unrestricted cross-origin access
• Reports a vulnerability when header('Access-Control-Allow-Origin: *') or a similarly permissive CORS configuration (such as echoing $_SERVER['HTTP_ORIGIN'] unchecked) is found
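The four steps above, applied as a line-based scan, as an added example that is not Fluid Attacks' own rule implementation. The function name find_insecure_cors and the sample PHP source it scans are constructed for this illustration.

```php
<?php
// Added example (not the page's code, not Fluid Attacks' analyzer): a minimal
// line-based scanner that applies the detection strategy to PHP source text.
declare(strict_types=1);

/**
 * Scan PHP source text for insecure Access-Control-Allow-Origin headers.
 * Returns a list of [line_number, reason, snippet] findings.
 */
function find_insecure_cors(string $source): array
{
    $findings = [];
    foreach (explode("\n", $source) as $index => $line) {
        $lineNo = $index + 1;
        // Step 1: only header() calls are of interest.
        if (!preg_match('/\bheader\s*\(\s*(.*)\)\s*;/i', $line, $m)) {
            continue;
        }
        $arg = $m[1];
        // Step 2: only the CORS origin header.
        if (stripos($arg, 'Access-Control-Allow-Origin') === false) {
            continue;
        }
        // Step 3: wildcard value ("Access-Control-Allow-Origin: *").
        if (preg_match('/Access-Control-Allow-Origin\s*:\s*\*\s*[\'"]/i', $arg)) {
            $findings[] = [$lineNo, 'wildcard origin', trim($line)];
            continue;
        }
        // Step 4: request Origin echoed back without validation.
        if (preg_match('/\$_SERVER\s*\[\s*[\'"]HTTP_ORIGIN[\'"]\s*\]/', $arg)) {
            $findings[] = [$lineNo, 'reflected request origin', trim($line)];
        }
    }
    return $findings;
}

// Constructed sample input: two insecure calls and one fixed-origin call.
$sample = <<<'PHP'
<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Origin: https://trusted-site.com');
PHP;

foreach (find_insecure_cors($sample) as [$lineNo, $reason, $snippet]) {
    printf("line %d: %s -> %s\n", $lineNo, $reason, $snippet);
}
```

Run with `php scan.php`: the wildcard line and the reflected-origin line are reported, the fixed-origin line is not. Because the scan is purely textual it misses header() calls split across several lines and cannot tell whether a variable passed to header() was validated first (for instance `$origin` taken from an allow-list check); a production rule needs to follow the data flow into the header() argument to avoid both false negatives and false positives.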
Vulnerable code example
<?php
// Dangerous: Sets CORS policy to allow requests from any origin
header('Access-Control-Allow-Origin: *');
// Dangerous: Trusts any origin from HTTP request without validation
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
✅ Secure code example
<?php
// Define allowed origins
$allowed_origins = [
'https://trusted-site.com',
'https://other-trusted.com'
];
// Get the origin from the request...
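A complete version of the allow-list approach the secure snippet starts, as an added example that is not the page's own code. The function cors_headers_for, the two example origins and the method/header lists are assumptions; the check is an exact string match against the whole origin, and the response headers are built as an array first so the decision can be tested without emitting headers.

```php
<?php
// Added example (not the page's code): allow-list check for the Origin header.
declare(strict_types=1);

/**
 * Decide which Access-Control-* headers to send for a request.
 * Returns an associative array of headers; empty when the origin is not allowed.
 */
function cors_headers_for(?string $origin, array $allowedOrigins, bool $withCredentials): array
{
    // No Origin header: not a cross-origin browser request, send nothing.
    if ($origin === null || $origin === '') {
        return [];
    }
    // Exact, case-sensitive match against the full scheme://host[:port] string.
    // Avoid substring or prefix checks: "https://trusted-site.com.evil.example"
    // would pass a str_starts_with() test. "null" origins are rejected too.
    if (!in_array($origin, $allowedOrigins, true)) {
        return [];
    }
    $headers = [
        // Echo the validated origin, never the raw request value.
        'Access-Control-Allow-Origin'  => $origin,
        // Tell caches the response depends on the Origin request header.
        'Vary'                         => 'Origin',
        'Access-Control-Allow-Methods' => 'GET, POST, OPTIONS',
        'Access-Control-Allow-Headers' => 'Content-Type, Authorization',
    ];
    if ($withCredentials) {
        // Only valid together with a specific origin; browsers reject it with "*".
        $headers['Access-Control-Allow-Credentials'] = 'true';
    }
    return $headers;
}

// Assumed allow-list (constructed values).
$allowedOrigins = [
    'https://trusted-site.com',
    'https://other-trusted.com',
];

$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
foreach (cors_headers_for($origin, $allowedOrigins, true) as $name => $value) {
    header($name . ': ' . $value);
}

// Answer the preflight request without running the rest of the script.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') {
    http_response_code(204);
    exit;
}
```

A request from an origin that is not on the list receives no Access-Control-Allow-Origin header at all, so the browser refuses to expose the response to the calling page. Two points worth keeping in mind when triaging findings: browsers never attach cookies or HTTP authentication to a response that carries `Access-Control-Allow-Origin: *`, so the wildcard alone mainly exposes resources that are readable without credentials; the reflected-origin form in the vulnerable example is the more serious one, because it can be combined with `Access-Control-Allow-Credentials: true` and then exposes authenticated responses to any site. `Vary: Origin` matters as well: without it a shared cache may serve the response built for one origin to a request from another.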