Author Topic: XST ?  (Read 2878 times)

MattMarked

on: June 19, 2012, 02:35:32 PM
Hey everyone, I'm searching for a good Cross Site Tracing guide and everything related (Trace command, HTTP only request, etc.). Does anyone have something? PDF, doc, video... anything would be great :)



weVeg

Reply #1 on: June 19, 2012, 03:02:24 PM
Hi MattMarked, sorry but I have no idea what this vulnerability is :-[ , it's my lack!! Therefore I don't have any guide!

Edit: just a little searching on Google:
https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
http://www.google.com/search?q=xst+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:it:unofficial&client=iceweasel-a
References

Whitepapers

    RFC 2616: “Hypertext Transfer Protocol -- HTTP/1.1”
    RFC 2109 and RFC 2965: “HTTP State Management Mechanism”
    Jeremiah Grossman: "Cross Site Tracing (XST)" - http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
    Amit Klein: "XS(T) attack variants which can, in some cases, eliminate the need for TRACE" - http://www.securityfocus.com/archive/107/308433
    Arshan Dabirsiaghi: "Bypassing VBAAC with HTTP Verb Tampering" - http://www.aspectsecurity.com/documents/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf


« Last Edit: June 19, 2012, 03:12:49 PM by weVeg »

a free voice is always liberating
under_r00t


ZEROF

Reply #2 on: June 19, 2012, 03:11:09 PM
Hi,

Open your favorite browser. Type http://www.google.com. In the search field, type Cross Site Tracing tutorial, exploit, attack etc. You will get 2 520 000 pages to learn from.

Have fun!



Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*