This is a systematic playbook for catching CORS misconfigurations that let attackers read authenticated API responses from a victim's browser. It covers the usual suspects: reflected origins, null origin acceptance, weak regex allowlists, and the missing Vary header that can poison CDN caches. The null origin exploitation via sandboxed iframes is especially clean, and the subdomain XSS to CORS chain section shows how a single XSS on blog.target.com can break into api.target.com if the allowlist trusts *.target.com. Load this when you see Access-Control headers in responses or need to test whether browser-based attacks can exfiltrate sensitive data cross-origin. The regex bypass table alone will save you time.
npx skills add https://github.com/yaklang/hack-skills --skill cors-cross-origin-misconfiguration