English Wikipedia @ Freddythechick

Cross-site tracing

Network security vulnerability exploiting the HTTP TRACE method

This is the current revision of this page, as edited by imported>Taumata994 at 20:59, 12 September 2020 (Importing Wikidata short description: "Network security vulnerability exploiting the HTTP TRACE method" (Shortdesc helper)). The present address (URL) is a permanent link to this version.

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

In web security, cross-site tracing (abbreviated "XST") is a network security vulnerability exploiting the HTTP TRACE method.

XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.

External links

Retrieved from "https://enwiki.freddythechick.net/index.php?title=Cross-site_tracing&oldid=17014447"