Cross-site tracing

From Wikipedia, the free encyclopedia

This article needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (July 2007)

The introduction to this article provides insufficient context for those unfamiliar with the subject.
Please help improve the article with a good introductory style.

Cross site tracing (XST) is a network security vulnerability exploiting the HTTP TRACE method.

XST scripts exploit ActiveX, Flash, Java or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.

[edit] External links

Categories: Web security exploits

Views

Interaction

Search

Languages

This page was last modified 23:58, 26 January 2008 by Wikipedia user CmdrObot. Based on work by Wikipedia user(s) PixelBot, SmackBot, Jeepday, JonHarder, Windowlicker, Eskimbot, Ankurdave, Olborne, Michael Hardy, FlaBot, HenryLi, Alynna Kasmira and BorgQueen and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers