HOME

TheInfoList



Click Here for Items Related To - cross-site tracing
OR:
cross-site tracing on:   [Wikipedia]   [Google]   [Amazon]

{{Refimprove, date=July 2007 In web security, cross-site tracing (abbreviated "XST") is a
network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
vulnerability exploiting the
HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
TRACE method. XST scripts exploit
ActiveX ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...
,
Flash Flash, flashes, or FLASH may refer to: Arts, entertainment, and media Fictional aliases * Flash (DC Comics character), several DC Comics superheroes with super speed: ** Flash (Barry Allen) ** Flash (Jay Garrick) ** Wally West, the first Kid ...
, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and
HTTP cookie HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's w ...
contents, which are then available to the script. In combination with cross domain access flaws in
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
s, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.


External links


Cross-site tracing on use Perl.Vulnerability Note VU#867593 - Multiple vendors' web servers enable HTTP TRACE method by defaultWhiteHat Security - Whitepaper - Cross-Site Tracing (XST)
Web security exploits