Cross-site tracing

In web security, cross-site tracing (abbreviated "XST") is a network security vulnerability exploiting the HTTP TRACE method. XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.
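A defensive check for the behaviour described above, as an added example that is not part of the original article: it sends one TRACE request carrying a random canary to a server you operate and reports whether the Cookie or Authorization header comes back in the response body. The function names, the canary cookie name and the sample responses are assumptions constructed for illustration.

```python
import http.client
import secrets

SENSITIVE = ("cookie", "authorization")

def reflected_headers(status, body, canary):
    """Return the sensitive request headers that a TRACE response echoed back.

    A server with TRACE enabled answers 200 and returns the request it
    received as the response body, so a canary sent in Cookie/Authorization
    reappears there.
    """
    if status != 200:
        return []  # any non-200 status: TRACE was refused
    found = set()
    for line in body.decode("latin-1").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE and canary in value:
            found.add(name.strip().lower())
    return sorted(found)

def probe(host, port=443, path="/", timeout=5):
    """Send one TRACE request with a random canary to a host you operate."""
    canary = secrets.token_hex(8)  # never send real credentials in a probe
    conn = http.client.HTTPSConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={
            "Cookie": f"xst_canary={canary}",        # hypothetical cookie name
            "Authorization": f"Bearer {canary}",
        })
        resp = conn.getresponse()
        return reflected_headers(resp.status, resp.read(65536), canary)
    finally:
        conn.close()

# Constructed sample bodies (not captured from a real server).
SAMPLE_ENABLED = (b"TRACE / HTTP/1.1\r\nHost: example.test\r\n"
                  b"Cookie: xst_canary=abc123\r\n"
                  b"Authorization: Bearer abc123\r\n\r\n")
SAMPLE_FILTERED = b"TRACE / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(reflected_headers(200, SAMPLE_ENABLED, "abc123"))
    print(reflected_headers(200, SAMPLE_FILTERED, "abc123"))
    print(reflected_headers(405, b"Method Not Allowed", "abc123"))
```

A non-empty result means the server should have TRACE disabled or filtered at the web server or reverse proxy.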


External links


Cross-site tracing on use Perl.
Vulnerability Note VU#867593 - Multiple vendors' web servers enable HTTP TRACE method by default
WhiteHat Security - Whitepaper - Cross-Site Tracing (XST)