Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Cross Site Tracing examples?
From: tim <tim-security () sentinelchicken org>
Date: Wed, 18 Jun 2003 20:29:43 -0700

Hello Todd,

I'm looking for some detailed examples of XST. Google didn't turn up much 
except tons of press releases that the vulnerability exists, but I 
couldn't find any examples or exploit code to go along with it. In fact, I 
couldn't even find XST in the CVE database.

Can anyone point me in the right direction here?

Obviously, the first place to start would be the Whitehat advisory, and
from there I would read the thread on webappsec about it.

XST doesn't give you a whole lot, from what I understand, except for a
way to obtain HTTP AUTH passwords when you already have an XSS.  The key
is the XML request objects in IE and Mozilla.

good luck,
tim

---------------------------------------------------------------------------
Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get 
trustworthy commercial-grade exploits and the latest techniques from a 
world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 
or call 617-399-6980
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault