
Cross-site tracing

It is a network security vulnerability that exploits the HTTP TRACE method.

XST scripts exploit ActiveX, Flash, Java or any other controls that allow executing an HTTP TRACE request.

The server echoes the request it received back in the body of the HTTP TRACE response, so the response includes all the HTTP headers, including authentication data and HTTP cookie contents, which are then available to the script.

In combination with cross-domain access flaws in web browsers, the exploit is able to collect the cached credentials of any website, including those utilizing SSL.
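The header echo described above can be checked from the defender's side. The following is an added example, not code from the original article: it sends one TRACE request carrying canary credential headers to a server you administer and reports which of them come back. The names `echoed_headers`, `audit`, the canary values and the sample responses are all constructed for illustration.

```python
import http.client
from email.parser import BytesParser

# Constructed canary values; an audit never needs real credentials.
CANARY = {"Cookie": "xst_canary=7f3a",
          "Authorization": "Basic eHN0OmNhbmFyeQ=="}

def echoed_headers(status, content_type, body):
    """Return the canary header names that a TRACE response reflected back."""
    # A server with TRACE enabled answers 200 with Content-Type message/http.
    # Anything else (405, 501, an error page) means the request was not echoed.
    if status != 200 or "message/http" not in (content_type or "").lower():
        return []
    # The body is the request itself: drop the request line, parse the headers.
    _, _, header_block = body.partition(b"\r\n")
    echoed = BytesParser().parsebytes(header_block, headersonly=True)
    # Header lookup on the parsed message is case-insensitive.
    return [name for name, value in CANARY.items() if echoed.get(name) == value]

def audit(host, port=80, path="/"):
    """Send a single TRACE with canary headers to a plain-HTTP server."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", path, headers=CANARY)
        resp = conn.getresponse()
        return echoed_headers(resp.status, resp.getheader("Content-Type"),
                              resp.read())
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
TRACE_ENABLED = (200, "message/http",
                 b"TRACE / HTTP/1.1\r\nHost: app.example\r\n"
                 b"Cookie: xst_canary=7f3a\r\n"
                 b"Authorization: Basic eHN0OmNhbmFyeQ==\r\n\r\n")
TRACE_DISABLED = (405, "text/html", b"<h1>Method Not Allowed</h1>")
# An intermediary that strips credential headers before the echo.
TRACE_FILTERED = (200, "message/http",
                  b"TRACE / HTTP/1.1\r\nHost: app.example\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("enabled", TRACE_ENABLED),
                          ("disabled", TRACE_DISABLED),
                          ("filtered", TRACE_FILTERED)):
        print(label, echoed_headers(*sample))
```

An empty list for a 405 or 501 response is the expected result once TRACE is disabled on the server, for example with Apache's `TraceEnable off` directive.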


Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.