Can anyone explain what kinds of attacks are possible here? A malicious script on this website can identify that a service is running on a particular endpoint (IP + port), and depending on the server's CORS policy, the script may be able to submit HTTP requests to that service... am I getting it right? I can see how that might be dangerous if the service responds to simple GET requests with sensitive information, or has a well-documented REST API and no authentication. Is this the scope of the vulnerability, or is there more to it?
I tried this with a few different services running on my machine (a one-liner WEBrick server in Ruby, Syncthing, a plain-text accounting program calling beancount, etc. etc.) and the script didn't detect any. I take it that means that these services all don't allow CORS?
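As an added illustration of the CORS question raised above (example code, not from the post or any of the services it names), here is how a service bound to localhost can allow-list the browser origins it trusts: requests without an Origin header are served normally, an allow-listed origin gets the CORS headers a browser needs to read the response, and any other origin is refused with no CORS headers. The allow-list, port and payload are constructed for the example.

```python
"""Origin allow-listing for a localhost service (added example, not from the post)."""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Optional, Tuple

# Constructed allow-list: only the service's own UI origin may call it cross-origin.
ALLOWED_ORIGINS = {"http://localhost:8384"}


def cors_decision(method: str, origin: Optional[str]) -> Tuple[int, Dict[str, str]]:
    """Return (HTTP status, response headers) for a request carrying `origin`.

    - No Origin header: same-origin or non-browser client, serve with no CORS headers.
    - Allow-listed origin: serve and echo the origin so the browser may read the body.
    - Any other origin: 403 with no CORS headers, for preflights and real requests alike,
      so the browser never exposes the response body to the calling page.
    """
    if origin is None:
        return 200, {}
    if origin in ALLOWED_ORIGINS:
        hdrs = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
        if method == "OPTIONS":  # preflight sent before a non-simple request
            hdrs["Access-Control-Allow-Methods"] = "GET, POST"
            hdrs["Access-Control-Allow-Headers"] = "Content-Type"
            return 204, hdrs
        return 200, hdrs
    return 403, {}


class Handler(BaseHTTPRequestHandler):
    """Applies cors_decision() to every GET, POST and OPTIONS request."""

    def _respond(self) -> None:
        status, hdrs = cors_decision(self.command, self.headers.get("Origin"))
        self.send_response(status)
        for name, value in hdrs.items():
            self.send_header(name, value)
        self.end_headers()
        if status == 200:
            self.wfile.write(b'{"balance": "constructed sample data"}')

    do_GET = do_POST = do_OPTIONS = _respond


if __name__ == "__main__":
    # Constructed port; bind to the loopback interface only.
    HTTPServer(("127.0.0.1", 8384), Handler).serve_forever()
```

Note that CORS only governs whether the page can read the response: a refused request still reaches the listener, so a script can often still tell that the port is open even when it learns nothing else.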