
CORS Misconfiguration, could lead to disclosure of sensitive information (translate.kromtech.com)

Low
Clario
Submitted None

Team Summary

Official summary from Clario

### Summary

CORS Misconfiguration, could lead to disclosure of sensitive information (translate.kromtech.com)

### Steps to reproduce

In the PoC section we send the `Origin: http://owmzuoswdxrx.com` header and the server responds to us with the `Access-Control-Allow-Origin: http://owmzuoswdxrx.com` and `Access-Control-Allow-Credentials: true` headers, which means that the server is vulnerable.

Request:

```
GET / HTTP/1.1
Host: translate.kromtech.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://owmzuoswdxrx.com
Cookie: PHPSESSID=hftjf037mdcu83res34fvbjot3
```

Response:

```
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Nov 2019 11:44:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: http://owmzuoswdxrx.com
Access-Control-Allow-Credentials: true
Content-Length: 2477

<!DOCTYPE html><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zeo Translate - Index</title>
<link rel="stylesheet" type="text/css" href="/css/base.css">
<link rel="stylesheet" type="text/css" href="/css/default.css">
...
```

Reported by sec0ndw0lf
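
The check behind this report, as an added example that is not part of the original report or Clario's code: `audit_response` flags a response that echoes an untrusted probe origin together with `Access-Control-Allow-Credentials: true`, and `cors_headers` shows an exact-match allowlist policy that would not grant it. The function names and the allowlisted origin `https://app.example.com` are assumptions.

```python
# Added example with hypothetical names; not code from the affected application.
ALLOWED_ORIGINS = frozenset({"https://app.example.com"})  # assumed trusted origin


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Hardened policy: emit CORS headers only for an exact allowlist match."""
    if origin is None or origin not in allowed:
        return {}  # no CORS headers: the browser blocks cross-origin reads
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's grant to another
    }


def audit_response(sent_origin, response_headers):
    """Classify a response to a probe sent with an untrusted Origin header."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "ok: no CORS grant"
    if acao == "*":
        # Browsers refuse credentialed reads when the grant is a wildcard.
        return "info: wildcard origin, credentials not usable"
    if acao == sent_origin:
        return ("vulnerable: origin reflected with credentials" if creds
                else "warn: origin reflected without credentials")
    return "ok: fixed origin %s" % acao


# CORS headers from the response in the report, returned for the probe origin.
PROBE_ORIGIN = "http://owmzuoswdxrx.com"
REPORTED = {
    "Access-Control-Allow-Origin": "http://owmzuoswdxrx.com",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    print(audit_response(PROBE_ORIGIN, REPORTED))
    print(audit_response(PROBE_ORIGIN, cors_headers(PROBE_ORIGIN)))
```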

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$50.00

Submitted