XST ?

Started by MattMarked, June 19, 2012, 03:35:32 PM


MattMarked

Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (TRACE command, HTTP-only request, etc.). Does anyone have something? PDF, doc, video... anything would be great :)

weVeg

#1
Quote from: MattMarked on June 19, 2012, 03:35:32 PM
Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (TRACE command, HTTP-only request, etc.). Does anyone have something? PDF, doc, video... anything would be great :)
Hi MattMarked, sorry but I have no idea what this vulnerability is :-[ , it's my lack!! Therefore I don't have any guide!

Edit: just a little searching on Google:
https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
http://www.google.com/search?q=xst+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:it:unofficial&client=iceweasel-a
References

Whitepapers

    RFC 2616: “Hypertext Transfer Protocol -- HTTP/1.1”
    RFC 2109 and RFC 2965: “HTTP State Management Mechanism”
    Jeremiah Grossman: "Cross Site Tracing (XST)" - http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
    Amit Klein: "XS(T) attack variants which can, in some cases, eliminate the need for TRACE" - http://www.securityfocus.com/archive/107/308433
    Arshan Dabirsiaghi: "Bypassing VBAAC with HTTP Verb Tampering" - http://www.aspectsecurity.com/documents/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf


a free voice is always liberating
under_r00t

ZEROF

Hi,

Open your favorite browser. Type http://www.google.com. In the search field, type Cross Site Tracing tutorial, exploit, attack, etc. You will get 2 520 000 pages to learn from.

Have fun!


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*