🔒 CORS Protection Control
Toggle Cross-Origin Resource Sharing protection on API endpoints
- Total Devices: 25
- Active Devices: 20
- Compliance Issues: 10
- Departments: 6
- Device Types: 6
📡 Device API Endpoints
Available APIs for device data access
Public APIs
/cors/api/devices
Basic device information (non-sensitive)
Sensitive APIs (CORS Protected)
/cors/api/devices/detailed
Complete device data including IMEI, phone numbers
/cors/api/devices/locations
Real-time device locations and contact info
🎯 CORS Attack Simulation
Simulate a cross-origin attack to steal device data
To demonstrate the CORS vulnerability:
- Ensure you're logged into this MDM dashboard
- Disable CORS protection using the toggle above
- Visit the evil benefits portal: 🏥 Employee Benefits Portal
- Click "Check Device Eligibility" on the evil site
- Return here to see the attack results
🔍 What Happens?
The evil site will attempt to steal your device data using your authenticated session. With CORS protection disabled, the attack succeeds. With protection enabled, the browser blocks the response.
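The two toggle states described above, modeled as an added example (not code from this lab): the server's header decision next to the browser's read check for a credentialed request. The origins, function names, and the assumption that "protection disabled" means reflecting any Origin with credentials allowed are illustrative, not taken from the page.

```javascript
// Added illustration. Origins below are constructed placeholders.
const TRUSTED_ORIGINS = new Set(["https://mdm.example.test"]); // hypothetical dashboard origin

// Server side: pick CORS headers for a sensitive endpoint such as /cors/api/devices/detailed.
function corsHeaders(requestOrigin, protectionEnabled) {
  if (!requestOrigin) return {}; // no Origin header: nothing to decide
  const allow = {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving one origin's answer to another
  };
  if (!protectionEnabled) {
    // Assumed weak policy: reflect whatever Origin was sent and allow credentials.
    return allow;
  }
  // Hardened policy: exact match against an allowlist, no substring or suffix checks.
  return TRUSTED_ORIGINS.has(requestOrigin) ? allow : { "Vary": "Origin" };
}

// Browser side: may a script on pageOrigin read a credentialed cross-origin response?
function browserAllowsRead(pageOrigin, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  const acac = headers["Access-Control-Allow-Credentials"];
  // With credentials, "*" is not accepted: the origin must match exactly
  // and Access-Control-Allow-Credentials must be the literal string "true".
  return acao === pageOrigin && acac === "true";
}

// End-to-end outcome for a page on pageOrigin calling the sensitive API.
function simulate(pageOrigin, protectionEnabled) {
  return browserAllowsRead(pageOrigin, corsHeaders(pageOrigin, protectionEnabled));
}

const untrusted = "https://benefits.example.test"; // constructed cross-origin page
console.log("protection off:", simulate(untrusted, false)); // response readable
console.log("protection on: ", simulate(untrusted, true));  // response blocked
```

The check only governs whether the calling page may read the response; the request itself can still reach the server, so sensitive endpoints also need their own authorization and sensible cookie `SameSite` settings.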
📱 Recent Devices (Sample - 20/25)
| Device ID | Employee | Department | Device Type | OS Version | Last Seen | Status |
|---|---|---|---|---|---|---|
| CORS-DEV-0001 | Neo Anderson | IT | Google Pixel 8 | Windows 11 | 2026-01-12 00:14:09 | Compliant |
| CORS-DEV-0002 | John Matrix | IT | MacBook Air M2 | iOS 17.1 | 2026-01-11 05:14:09 | Compliance Issue |
| CORS-DEV-0003 | John Matrix | Finance | Samsung Galaxy S24 | Windows 11 | 2026-01-12 10:14:09 | Security Risk |
| CORS-DEV-0004 | Lara Croft | Marketing | Surface Pro 9 | iOS 17.1 | 2026-01-10 23:14:09 | Security Risk |
| CORS-DEV-0005 | Neo Anderson | Finance | iPhone 14 | iOS 17.1 | 2026-01-10 06:14:09 | Compliance Issue |
| CORS-DEV-0006 | Jason Bourne | Finance | MacBook Air M2 | Windows 11 | 2026-01-11 01:14:09 | Compliant |
| CORS-DEV-0007 | Trinity Anderson | Engineering | iPhone 15 Pro | Android 14 | 2026-01-11 19:14:09 | Compliant |
| CORS-DEV-0008 | Ethan Hunt | Marketing | MacBook Air M2 | Windows 11 | 2026-01-10 09:14:09 | Compliant |
| CORS-DEV-0009 | Sarah Connor | Finance | Samsung Galaxy S24 | Android 14 | 2026-01-10 13:14:09 | Security Risk |
| CORS-DEV-0010 | Alice Resident | Finance | MacBook Air M2 | Android 14 | 2026-01-12 05:14:09 | Compliant |
| CORS-DEV-0011 | Trinity Anderson | Engineering | MacBook Air M2 | Android 14 | 2026-01-11 18:14:09 | Compliance Issue |
| CORS-DEV-0012 | Alice Resident | Finance | Samsung Galaxy S24 | iOS 17.1 | 2026-01-11 13:14:09 | Compliant |
| CORS-DEV-0013 | Leon Kennedy | Sales | iPhone 15 Pro | iOS 17.1 | 2026-01-09 23:14:09 | Compliant |
| CORS-DEV-0014 | Jack Ryan | Sales | MacBook Air M2 | Windows 11 | 2026-01-10 20:14:09 | Compliant |
| CORS-DEV-0015 | Leon Kennedy | Sales | Samsung Galaxy S24 | Android 14 | 2026-01-11 19:14:09 | Compliant |
| CORS-DEV-0016 | Sarah Connor | Sales | MacBook Air M2 | Windows 11 | 2026-01-12 11:14:09 | Compliance Issue |
| CORS-DEV-0017 | Ethan Hunt | HR | MacBook Air M2 | Android 14 | 2026-01-10 04:14:09 | Compliance Issue |
| CORS-DEV-0018 | Jack Ryan | IT | Google Pixel 8 | Android 14 | 2026-01-10 10:14:09 | Compliance Issue |
| CORS-DEV-0019 | Jack Ryan | HR | Google Pixel 8 | Android 14 | 2026-01-12 05:14:09 | Compliant |
| CORS-DEV-0020 | Trinity Anderson | Sales | Google Pixel 8 | Windows 11 | 2026-01-10 23:14:09 | Compliance Issue |

Note: This table shows only basic device information. Sensitive data like IMEI numbers, phone numbers, and locations are available via API endpoints.