Re: http TRACE option

From: Tim (tim-pentest@sentinelchicken.org)
Date: Fri Jan 18 2008 - 13:40:53 EST

• Next message: Clone: "Re: Oracle URL SQL Injection issue"
• Previous message: Hernan Ochoa: "Pass-The-Hash Toolkit v1.2 released."
• In reply to: pentestr: "http TRACE option"
• Next in thread: Florencio Cano: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> what is the issue if TRACE option is enabled in web servers ? Nessus
> results always display it as warning.
> any idea...

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

It was an over-hyped little attack, but it is not insignificant. It the
website also has a cross-site scripting vulnerability, XST can be used
to steal HTTP headers that wouldn't otherwise be available to JavaScript
et. al. For instance, basic auth headers and HttpOnly cookies. Without
an XSS hole to go along with it, it really isn't important AFAIK.

tim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Clone: "Re: Oracle URL SQL Injection issue"
• Previous message: Hernan Ochoa: "Pass-The-Hash Toolkit v1.2 released."
• In reply to: pentestr: "http TRACE option"
• Next in thread: Florencio Cano: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT