logo
DATABASE RESOURCES PRICING ABOUT US

Openfolio: Options Method Enabled

Description

Vuln Details: Domain: https://openfolio.com/ I detected that OPTIONS method is allowed Impact: Information disclosed from this page can be used to gain additional information about the target system. Remedy: Disable OPTIONS method in all production systems. POC: Request: OPTIONS /signup/ HTTP/1.1 Cache-Control: no-cache Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker Accept-Language: en-us,en;q=0.5 Host: openfolio.com Cookie: csrftoken=sZn2eGRmRYFaXIFuPEbH31Fc5C7bZVQz; sessionid=o5t6wtfpeqs4f1fflyc1urhcg4qotbtb Accept-Encoding: gzip, deflate Response: OPTIONS /signup/ HTTP/1.1 Cache-Control: no-cache Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Accept-Language: en-us,en;q=0.5 Host: openfolio.com Cookie: csrftoken=sZn2eGRmRYFaXIFuPEbH31Fc5C7bZVQz; sessionid=o5t6wtfpeqs4f1fflyc1urhcg4qotbtb Accept-Encoding: gzip, deflate