Cross-site tracing

In today's world, Cross-site tracing has gained unprecedented importance. Whether from an economic, technological, social or cultural point of view, Cross-site tracing is an issue that is constantly present in our lives. Its impact is so broad that its analysis and understanding is essential to understand the context in which we find ourselves. In this article, we will explore the different aspects and perspectives related to Cross-site tracing, with the aim of shedding light on its relevance and influence in our society.

Network security vulnerability exploiting the HTTP TRACE method

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Cross-site tracing" – news · newspapers · books · scholar · JSTOR (July 2007) (Learn how and when to remove this message)

In web security, cross-site tracing (abbreviated "XST") is a network security vulnerability exploiting the HTTP TRACE method.

XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.

External links

• Cross-site tracing on use Perl.
• Vulnerability Note VU#867593 - Multiple vendors' web servers enable HTTP TRACE method by default
• WhiteHat Security - Whitepaper - Cross-Site Tracing (XST)