Same Origin Method Execution

Definition#

Same-Origin Method Execution (SOME) is a security vulnerability that allows an attacker to execute functions of a web application in the context of another user’s session. This attack exploits the same-origin policy of web browsers but requires that the target website contains a suitable vulnerable function and that the attacker tricks the user into executing malicious JavaScript in their browser.

References#

• Real World CTF 2023 - The cult of 8 bit
• Youtube - Intigriti XSS challenge 1022
• HackTricks - SOME
• SOME Attack
• Bypass CSP Using WordPress By Abusing Same Origin Method Execution