I have some problems running the CORS response from Burp. The application allowed access from the requested origin link.
Request:
GET wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.foo.com%2Fblog%2%2F HTTP/1.1
Host: www.foo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https:foo.com
Cookie: TitleTrial=0; PitchTrial=0; __utma=223462276.2101520464.1484064735.1484839851.1485078453.10; __utmz=223462276.1485078453.10.4.utmcsr=fo|utmccn=(referral)|utmcmd=referral|utmcct=/fo; __distillery=8b8098c_148a7b11-3d02-465d-801a-c732e38c665f-14f1b05a3-cdd505b2b245-71f8; muxData=mux_viewer_id=2da4d2cf-1d56-4a49-9ee7-ff8da48f9416&msn=0.4423908694377975&sid=01c7e9f7-c253-4583-9e0c-89b4bbdc60b9&sst=1485078466920&sex=1485080221025; visitor_id77672=228495947; __atuvc=1%7C2%2C2%7C3; PHPSESSID=ke08cd41dm7p6dcfrfepnhat73; __utmc=223462276; __utmt=1; visitor_id77672-hash=__utmb=223462276.7.10.1485078453; pardot=had5nb89omptc2e886vpgqju83; wordpress_test_cookie=WP+Cookie+check;
Origin: https://xrmtfgxgjkzw.com
Response:
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2017 10:52:02 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.28
Set-Cookie: wordpressuser_7d2ee02a401bf41376509ec6471db505=+; expires=Sat, 23-Jan-2016 10:52:02 GMT; Max-Age=-31536000; path=/blog/
Set-Cookie: wordpresspass_7d2ee02a401bf41376509ec6471db505=+; expires=Sat, 23-Jan-2016 10:52:02 GMT; Max-Age=-31536000; path=/blog/
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization
Allow: GET
Access-Control-Allow-Origin: https://xrmtfgxgjkzw.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding,User-Agent
Content-Length: 2663
Connection: close
Content-Type: application/json; charset=UTF-8
I wonder whether it is a vulnerability or not, and how it is that I cannot exploit it.
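
A header check for the response captured above, as an added example that is not part of the original post: it flags a response that echoes an untrusted Origin together with Access-Control-Allow-Credentials: true, and shows the exact-match allowlist decision a server would make instead. The function names and the TRUSTED_ORIGINS value are assumptions.

```python
# Assumption: the site's own origin is the only trusted one (taken from the Host header).
TRUSTED_ORIGINS = {"https://www.foo.com"}

def parse_headers(raw):
    """Parse 'Name: value' lines into a lowercase-keyed dict (last value wins)."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and " " not in name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_cors(request_origin, headers):
    """Classify the CORS policy visible in one response to a probe Origin."""
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return ["no-cors-headers"]
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    vary = [v.strip().lower() for v in headers.get("vary", "").split(",")]
    findings = []
    if acao == "*":
        # Browsers refuse to combine '*' with credentialed requests.
        findings.append("wildcard-origin")
    elif acao == request_origin and request_origin not in TRUSTED_ORIGINS:
        findings.append("reflects-untrusted-origin")
        if creds:
            findings.append("credentialed-reads-allowed")
    if acao != "*" and "origin" not in vary:
        # Without Vary: Origin a shared cache can serve one origin's grant to another.
        findings.append("missing-vary-origin")
    return findings

def allowed_origin(request_origin):
    """Hardened server-side decision: echo the Origin only on an exact allowlist match."""
    return request_origin if request_origin in TRUSTED_ORIGINS else None

# CORS-relevant response headers copied from the capture in the post.
CAPTURED = """\
Access-Control-Allow-Origin: https://xrmtfgxgjkzw.com
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding,User-Agent
"""

if __name__ == "__main__":
    probe = "https://xrmtfgxgjkzw.com"  # the Origin value sent in the request
    print(audit_cors(probe, parse_headers(CAPTURED)))
    print(allowed_origin(probe))
```

How serious the finding is depends on whether the endpoint returns data specific to the logged-in user; the check only reports what the headers permit.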