Difference between revisions of "Cross Site Tracing"
m (XST moved to Cross Site Tracing: I decided it's more proper if the article name isn't an acronym. I'll set up a re-direct for XST)
Revision as of 07:25, 11 October 2007
This type of attack can occur when there is an XSS vulnerability and the server supports HTTP TRACE.
Avoidance and mitigation
- Disable HTTP TRACE on your web server
- Prevent any XSS on your web site
Examples and References
- Cross-Site Tracing (XST): http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf