## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted ## Author: nu11secur1ty ## Date: 03/15/2024 ## Vendor: https://www.halo.run/ ## Software: https://github.com/halo-dev/halo ## Reference: https://portswigger.net/web-security/cors ## Description: The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin null The application allows two-way interaction from the null origin. This effectively means that any domain can perform two-way interaction by causing the browser to submit the null origin, for example by issuing the request from a sandboxed iframe or malicious fishing domain with a specially crafted HTML exploit. STATUS: HIGH- Vulnerability [+]Exploit: ```HTML

CORS POC Exploit

Extract SID
``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/HALO/2024/HALO-2.13.1) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2024/03/halo-2131-cross-origin-resource-sharing.html) ## Time spent: 00:25:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty