🔒 CORS Protection Control
Toggle Cross-Origin Resource Sharing protection on API endpoints
Total Devices: 25
Active Devices: 19
Compliance Issues: 13
Departments: 6
Device Types: 7
📡 Device API Endpoints
Available APIs for device data access
Public APIs
/cors/api/devices
Basic device information (non-sensitive)
Sensitive APIs (CORS Protected)
/cors/api/devices/detailed
Complete device data including IMEI, phone numbers
/cors/api/devices/locations
Real-time device locations and contact info
🎯 CORS Attack Simulation
Simulate a cross-origin attack to steal device data
To demonstrate the CORS vulnerability:
- Ensure you're logged into this MDM dashboard
- Disable CORS protection using the toggle above
- Visit the evil benefits portal: 🏥 Employee Benefits Portal
- Click "Check Device Eligibility" on the evil site
- Return here to see the attack results
🔍 What Happens?
The evil site will attempt to steal your device data using your authenticated session. With CORS protection disabled, the attack succeeds. With protection enabled, the browser blocks the response.
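The effect of the toggle can be modelled as a server-side header decision plus the browser's check on a credentialed cross-origin request. This is an added example, not the lab's own code: it assumes that disabling protection makes the server reflect any `Origin` with credentials allowed and that enabling it applies an exact-match allow-list, and the origins used are constructed.

```javascript
// Added example: a model of the lab's CORS toggle, not the lab's server code.
// Constructed origin; the real dashboard origin is not given on the page.
const TRUSTED_ORIGINS = new Set(["https://mdm.example.test"]);

// Server side: CORS headers for a sensitive endpoint such as
// /cors/api/devices/detailed, given the request's Origin header.
function corsHeaders(requestOrigin, protectionEnabled) {
  const headers = { Vary: "Origin" }; // keep caches from mixing per-origin answers
  if (!requestOrigin) return headers; // no Origin header: nothing to grant
  const allowed = protectionEnabled
    ? TRUSTED_ORIGINS.has(requestOrigin) // hardened: exact-match allow-list
    : true;                              // weak (assumed): reflect any origin
  if (allowed) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Browser side: whether a script on pageOrigin may read a response to a
// request sent with cookies. The origin must match exactly ("*" is not
// accepted for credentialed requests) and credentials must be allowed.
function browserExposesResponse(pageOrigin, headers) {
  return (
    headers["Access-Control-Allow-Origin"] === pageOrigin &&
    headers["Access-Control-Allow-Credentials"] === "true"
  );
}

// End to end: what the calling page's script sees.
// The request itself still reaches the server in both cases; CORS only
// controls whether the calling script can read the answer.
function simulate(pageOrigin, protectionEnabled) {
  const headers = corsHeaders(pageOrigin, protectionEnabled);
  return browserExposesResponse(pageOrigin, headers) ? "readable" : "blocked";
}
```

Because the allow-list is an exact string match, the special origin `null` (sent by sandboxed frames and some redirects) is rejected unless someone adds it to the list, which should never be done.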
📱 Recent Devices (Sample - 20/25)
| Device ID | Employee | Department | Device Type | OS Version | Last Seen | Status |
|---|---|---|---|---|---|---|
| CORS-DEV-0001 | Jack Ryan | Marketing | Google Pixel 8 | Android 14 | 2026-04-19 04:39:23 | Compliant |
| CORS-DEV-0002 | Alice Resident | Finance | iPhone 15 Pro | Windows 11 | 2026-04-19 21:39:23 | Compliant |
| CORS-DEV-0003 | Neo Anderson | HR | iPhone 14 | Windows 11 | 2026-04-20 09:39:23 | Security Risk |
| CORS-DEV-0004 | Ethan Hunt | Sales | Samsung Galaxy S24 | Android 14 | 2026-04-20 17:39:23 | Compliance Issue |
| CORS-DEV-0005 | Sarah Connor | IT | iPhone 15 Pro | Android 14 | 2026-04-20 00:39:23 | Compliance Issue |
| CORS-DEV-0006 | James Bond | Sales | iPad Pro | iOS 17.1 | 2026-04-21 07:39:23 | Compliant |
| CORS-DEV-0007 | Leon Kennedy | HR | MacBook Air M2 | Windows 11 | 2026-04-19 04:39:23 | Compliant |
| CORS-DEV-0008 | Sarah Connor | IT | Google Pixel 8 | Android 14 | 2026-04-18 21:39:23 | Compliant |
| CORS-DEV-0009 | Jack Ryan | HR | Surface Pro 9 | iOS 17.1 | 2026-04-20 15:39:23 | Compliant |
| CORS-DEV-0010 | Jason Bourne | Sales | Google Pixel 8 | iOS 17.1 | 2026-04-20 19:39:23 | Security Risk |
| CORS-DEV-0011 | Sarah Connor | Engineering | Google Pixel 8 | iOS 17.1 | 2026-04-19 00:39:23 | Compliant |
| CORS-DEV-0012 | Sarah Connor | Engineering | iPhone 15 Pro | iOS 17.1 | 2026-04-19 16:39:23 | Compliant |
| CORS-DEV-0013 | Alice Resident | Marketing | Samsung Galaxy S24 | Windows 11 | 2026-04-20 22:39:23 | Compliance Issue |
| CORS-DEV-0014 | Sarah Connor | Sales | iPad Pro | iOS 17.1 | 2026-04-20 23:39:23 | Compliance Issue |
| CORS-DEV-0015 | Ellen Ripley | Finance | iPad Pro | Windows 11 | 2026-04-21 09:39:23 | Compliance Issue |
| CORS-DEV-0016 | Alice Resident | Finance | MacBook Air M2 | Windows 11 | 2026-04-19 17:39:23 | Compliance Issue |
| CORS-DEV-0017 | Ethan Hunt | Marketing | iPhone 15 Pro | Windows 11 | 2026-04-20 07:39:23 | Compliant |
| CORS-DEV-0018 | Alice Resident | Finance | iPad Pro | Android 14 | 2026-04-20 16:39:23 | Compliance Issue |
| CORS-DEV-0019 | Trinity Anderson | Marketing | MacBook Air M2 | Android 14 | 2026-04-19 23:39:23 | Security Risk |
| CORS-DEV-0020 | Jason Bourne | Finance | iPhone 15 Pro | Windows 11 | 2026-04-18 21:39:23 | Compliance Issue |
Note: This table shows only basic device information. Sensitive data like IMEI numbers, phone numbers, and locations are available via API endpoints.