Author Topic: XST ? (Read 3048 times)

MattMarked · **on:** June 19, 2012, 02:35:32 PM

Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (Trace command, http only request etc..). Does anyone have something? Pdf, doc, video.. anything would be great

weVeg · **Reply #1 on:** June 19, 2012, 03:02:24 PM

Quote from: MattMarked on June 19, 2012, 02:35:32 PM

Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (Trace command, http only request etc..). Does anyone have something? Pdf, doc, video.. anything would be great

Hi MattMarked, sorry but i have no idea what this vulnerability is

, is my lack!! therefore i don't have any guide!

edit: just a little searching in google:
https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
http://www.google.com/search?q=xst+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:it:unofficial&client=iceweasel-a
References

Whitepapers

RFC 2616: Ã¢Â€ÂœHypertext Transfer Protocol -- HTTP/1.1Ã¢Â€Â
RFC 2109 and RFC 2965: Ã¢Â€ÂœHTTP State Management MechanismÃ¢Â€Â
Jeremiah Grossman: "Cross Site Tracing (XST)" - http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
Amit Klein: "XS(T) attack variants which can, in some cases, eliminate the need for TRACE" - http://www.securityfocus.com/archive/107/308433
Arshan Dabirsiaghi: "Bypassing VBAAC with HTTP Verb Tampering" - http://www.aspectsecurity.com/documents/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf

ZEROF · **Reply #2 on:** June 19, 2012, 03:11:09 PM

Hi,

Open you favorite browser. Type http://www.google.com. In search field type Cross Site Tracing tutorial, exploit, attack etc. You will get 2 520 000 pages to learn from.

Have fun !

Author Topic: XST ? (Read 3048 times)

MattMarked

XST ?

weVeg

Re: XST ?

ZEROF

Re: XST ?