Penetration Testing mailing list archives
Re: Cross Site Tracing examples?
From: tim <tim-security () sentinelchicken org>
Date: Wed, 18 Jun 2003 20:29:43 -0700
Hello Todd,
I'm looking for some detailed examples of XST. Google didn't turn up much except tons of press releases that the vulnerability exists, but I couldn't find any examples or exploit code to go along with it. In fact, I couldn't even find XST in the CVE database. Can anyone point me in the right direction here?
Obviously, the first place to start would be the Whitehat advisory, and from there I would read the thread on webappsec about it. XST doesn't give you a whole lot, from what I understand, except for a way to obtain HTTP AUTH passwords when you already have an XSS. The key is the XML request objects in IE and Mozilla. good luck, tim --------------------------------------------------------------------------- Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980 ----------------------------------------------------------------------------
Current thread:
- Cross Site Tracing examples? Todd A. Jacobs (Jun 18)
- RE: Cross Site Tracing examples? Toby Miller (Jun 19)
- Re: Cross Site Tracing examples? morning_wood (Jun 23)
- Re: Cross Site Tracing examples? Bill Pennington (Jun 19)
- Re: Cross Site Tracing examples? tim (Jun 19)
- Re: Cross Site Tracing examples? Martin Mačok (Jun 19)
- Advanced Port Scanner for Windows viv3kr (Jun 19)
- <Possible follow-ups>
- Fwd: Cross Site Tracing examples? Peter Wood (Jun 19)
- RE: Cross Site Tracing examples? Toby Miller (Jun 19)