XST ?

[MattMarked]

Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (Trace command, http only request etc..). Does anyone have something? Pdf, doc, video.. anything would be great :)

[weVeg]

Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (Trace command, http only request etc..). Does anyone have something? Pdf, doc, video.. anything would be great :)

Hi MattMarked, sorry but i have no idea what this vulnerability is  :-[ , is my lack!! therefore i don't have any guide!

edit: just a little searching in google:
https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
http://www.google.com/search?q=xst+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:it:unofficial&client=iceweasel-a
References

Whitepapers

    RFC 2616: “Hypertext Transfer Protocol -- HTTP/1.1”
    RFC 2109 and RFC 2965: “HTTP State Management Mechanism”
    Jeremiah Grossman: "Cross Site Tracing (XST)" - http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
    Amit Klein: "XS(T) attack variants which can, in some cases, eliminate the need for TRACE" - http://www.securityfocus.com/archive/107/308433
    Arshan Dabirsiaghi: "Bypassing VBAAC with HTTP Verb Tampering" - http://www.aspectsecurity.com/documents/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf

[ZEROF]

Hi,

Open you favorite browser. Type http://www.google.com. In search field type Cross Site Tracing tutorial, exploit, attack etc. You will get  2 520 000 pages to learn from.

Have fun !