
What is the process of carrying out a CSRF attack through a badly configured CORS?

asked 2022-08-14 11:00:00 +0000 by bukephalos


1 Answer


answered 2022-11-02 14:00:00 +0000 by woof

A CSRF (Cross-Site Request Forgery) attack through a badly configured CORS (Cross-Origin Resource Sharing) involves the following steps:

  1. The attacker creates a malicious website and embeds a script into it.
  2. The victim visits the malicious website while being logged into a legitimate website in the same browser session.
  3. The script on the malicious website sends a request to the legitimate website, using the victim's session cookies, to perform a specific action on behalf of the victim. This action can be anything that the victim has the authorization to perform on the legitimate website, such as changing the password or making a purchase.
  4. However, the request is blocked by the same-origin policy, as the request is coming from a different domain than the legitimate website.
  5. To circumvent the same-origin policy, the attacker exploits the badly configured CORS on the legitimate website by setting the Access-Control-Allow-Origin header to allow requests from any domain. This allows the malicious script to send the request successfully, as the browser now allows cross-origin requests.
  6. The legitimate website performs the action requested by the attacker, believing it was coming from the victim.

In summary, a badly configured CORS can allow an attacker to bypass the same-origin policy and carry out a CSRF attack on a legitimate website with the victim's credentials.

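The following is an added example, not code from the question or the answer above. It models the two halves of the scenario the answer describes: the server's CORS decision (a weak policy that reflects any Origin with credentials, a weak suffix-match policy, and an exact-match allowlist) and the browser's rule for exposing a credentialed cross-origin response to the calling page. The origins (https://app.example, https://attacker.example, https://evilapp.example), the endpoint path and the policy function names are assumptions for illustration.

```javascript
// Added example: models a badly configured CORS policy beside a hardened one and
// the browser-side check that decides whether a cross-origin page can read the
// response to a credentialed request. Origins and names are assumptions.

// Weak policy 1: reflect whatever Origin arrives and also allow credentials.
// This is the "badly configured CORS" case: the browser sees an exact match for
// the attacker's origin and lets the attacker's script read the response that
// was sent with the victim's cookies.
function reflectAnyOriginCors(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Weak policy 2: a suffix match that was meant to admit sub-domains of
// app.example but also admits https://evilapp.example and https://app.example.attacker.test
// is not needed; a plain suffix check already accepts the first of these.
function suffixMatchCors(requestOrigin) {
  if (!requestOrigin || !requestOrigin.endsWith('app.example')) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened policy: exact-match allowlist; unknown origins get no CORS headers
// at all, and Vary: Origin keeps caches from serving one origin's answer to another.
const ALLOWED_ORIGINS = new Set(['https://app.example', 'https://admin.app.example']);
function allowlistCors(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Browser-side rule for a credentialed cross-origin fetch
// (fetch(url, { credentials: 'include' })): the response body is exposed to the
// calling page only if Access-Control-Allow-Origin is exactly the page's origin
// (a wildcard "*" is rejected when credentials were sent) and
// Access-Control-Allow-Credentials is the literal string "true".
function browserExposesResponse(pageOrigin, responseHeaders) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  const acac = responseHeaders['Access-Control-Allow-Credentials'];
  if (acao === undefined || acao === '*') return false;
  return acao === pageOrigin && acac === 'true';
}

// Simulate the steps in the answer: the victim is logged in to https://app.example,
// visits a page on attackerOrigin whose script runs
//   fetch('https://app.example/api/account', { credentials: 'include' })
// and the server answers under corsPolicy. Returns true when the attacker's
// script can read the victim's authenticated response.
function attackerCanReadResponse(corsPolicy, attackerOrigin) {
  const responseHeaders = corsPolicy(attackerOrigin);
  return browserExposesResponse(attackerOrigin, responseHeaders);
}

// Run all three policies against the same attacker origin and report which leak.
function evaluatePolicies(attackerOrigin) {
  return {
    reflectAnyOrigin: attackerCanReadResponse(reflectAnyOriginCors, attackerOrigin),
    suffixMatch: attackerCanReadResponse(suffixMatchCors, attackerOrigin),
    allowlist: attackerCanReadResponse(allowlistCors, attackerOrigin),
  };
}
```

Two caveats a practitioner will want alongside this model. First, a browser sends a plain HTML form POST with cookies attached without consulting CORS at all, so CORS is not what stops classic state-changing CSRF; that is the job of anti-CSRF tokens, SameSite cookies and Origin/Referer checks. What a reflected-origin-plus-credentials policy adds is that the attacker's script can read the authenticated response (account details, API tokens) and, once the preflight is also answered permissively, send JSON bodies and custom headers that a form could never produce. Second, the check `attackerCanReadResponse(allowlistCors, 'https://app.example')` returning true is the intended behaviour: the allowlist admits the site's own origins and nothing else, which is the configuration to aim for.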


