Re: http TRACE option
- From: Alexander Bondarenko <al.bondarenko@xxxxxxxxx>
- Date: Fri, 18 Jan 2008 23:51:58 +0300
Hi !
If i understand it right cookies are sometimes protected with httpOnly
attribute from access with javascript on the web page (see below)
HttpOnly - If this attribute is set, then the cookie cannot be directly
accessed via client-side JavaScript, although not all browsers support
this restriction.
So in order to get cookies you need to use the TRACE method because it send
all your info back and only using this request can you get cookies with
javascript (in XSS attack for example).
P.S. Sorry for my English, it's not my native language.
On Thursday 17 January 2008 23:40, pentestr wrote:
Hi,
what is the issue if TRACE option is enabled in web servers ? Nessus
results always display it as warning.
any idea...
Thanks in advance.
Rgds.
P.T.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- http TRACE option
- From: pentestr
- http TRACE option
- Prev by Date: Ultra VNC-3DES-is it secure
- Next by Date: Re: http TRACE option
- Previous by thread: Re: http TRACE option
- Next by thread: Re: http TRACE option
- Index(es):
Relevant Pages
|
|
