Difference between revisions of "Cross Site Tracing"
(→Related Attacks and Vulnerabilites) |
|||
Line 50: | Line 50: | ||
* [[Testing for HTTP Methods and XST]] | * [[Testing for HTTP Methods and XST]] | ||
− | |||
− | |||
[[Category:Attack]] | [[Category:Attack]] |
Revision as of 20:03, 10 September 2008
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
An XST (Cross-Site Tracing) attack combines XSS with the HTTP TRACE method. HTTP TRACE is enabled by default on many web servers and is intended for debugging: the client sends an HTTP TRACE request, and the server simply echoes that request back, including all of its headers and therefore any cookies. When script access to a cookie or other data is blocked, for instance by the "httpOnly" cookie flag, an attacker may instead force the browser to issue an HTTP TRACE request and relay the server's echoed response to another site. "httpOnly" is an extra cookie attribute that hides the cookie from script (supported in most, but not all, browsers); for example, "javascript:alert(document.cookie)" would not show an httpOnly cookie.
This type of attack can occur when there is an XSS vulnerability and the server supports HTTP TRACE.
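The whole attack rests on one server behaviour: TRACE echoing the request headers (cookies included) back in the response body. The following is an added example, written for this page rather than taken from OWASP or the referenced white paper, that makes that behaviour concrete from the defender's side. It starts a toy echoing handler and a hardened handler (both hypothetical, built on Python's standard http.server) on loopback, and a probe function that reports whether TRACE reflects a marker header; the marker header name X-Xst-Probe is an assumption of this example.

```python
"""Added example, not part of the OWASP page: check a server for HTTP TRACE
and show a request handler that refuses TRACE instead of echoing it."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: a marker header added to the probe so that an echo is unmistakable.
PROBE_HEADER = "X-Xst-Probe"


def trace_is_enabled(host, port, timeout=5.0):
    """Return True if the server answers TRACE / with 200 and reflects the
    marker header in the body, i.e. it echoes request headers (and would
    echo cookies) the way an XST attack relies on."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={PROBE_HEADER: "xst-check"})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", errors="replace")
    finally:
        conn.close()
    return resp.status == 200 and PROBE_HEADER.lower() in body.lower()


class QuietHandler(BaseHTTPRequestHandler):
    """Base class that suppresses per-request logging for the demo."""

    def log_message(self, *args):
        pass


class EchoTraceHandler(QuietHandler):
    """The vulnerable behaviour: TRACE echoes the request line and every
    request header (cookies included) back in a message/http body."""

    def do_TRACE(self):
        echoed = f"{self.command} {self.path} {self.request_version}\r\n"
        echoed += "".join(f"{k}: {v}\r\n" for k, v in self.headers.items())
        body = echoed.encode("latin-1", errors="replace")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class NoTraceHandler(QuietHandler):
    """The mitigated behaviour: TRACE is refused with 405 and nothing is
    echoed, matching the page's advice to disable TRACE on the web server."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler_cls):
    """Serve handler_cls on a loopback ephemeral port in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo():
    """Probe both handlers and report which one still exposes TRACE."""
    results = {}
    for name, cls in (("echoing", EchoTraceHandler), ("hardened", NoTraceHandler)):
        server, port = start_server(cls)
        try:
            results[name] = trace_is_enabled("127.0.0.1", port)
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, enabled in demo().items():
        print(f"{name}: TRACE {'ENABLED - disable it' if enabled else 'disabled'}")
```

Run stand-alone it reports the echoing handler as exposing TRACE and the hardened one as not; to audit one of your own servers, call trace_is_enabled(host, port) against it. The probe deliberately checks for the marker in the body rather than trusting the status code alone, because some front-ends answer 200 with an error page for unknown methods. On Apache httpd the equivalent of NoTraceHandler is the TraceEnable off directive; on other servers consult their documentation for the setting that disables the TRACE method.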
Avoidance and mitigation:
- Disable HTTP Trace on your web server
- Prevent any XSS on your web site
Risk Factors
Examples
Related Threat Agents
Related Attacks
Related Vulnerabilities
Related Controls
References
- Cross-Site Tracing (XST): http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf