Re: http TRACE option

From: Bipin Upadhyay (muxical.geek@gmail.com)
Date: Sat Jan 19 2008 - 03:26:42 EST

• Next message: Trancer: "Re: http TRACE option"
• Previous message: Thakrar, Saurabh: "RE: Oracle URL SQL Injection issue"
• In reply to: pentestr: "http TRACE option"
• Next in thread: Trancer: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

pentestr wrote:
> Hi,
> what is the issue if TRACE option is enabled in web servers ? Nessus
> results always display it as warning.
> any idea...
>
XST (Cross Site Tracing)

Links:
www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST

[SNIPPED]

Regards,
Bipin Upadhyay.
http://projectbee.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Trancer: "Re: http TRACE option"
• Previous message: Thakrar, Saurabh: "RE: Oracle URL SQL Injection issue"
• In reply to: pentestr: "http TRACE option"
• Next in thread: Trancer: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT