Have an account?
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
Who's Online (0)
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Web Application Security
Target supports http trace method,how can i upload shell?
As the title says i have been scanning my target for vulnerabilities And i have been found that the target is enabled or supporting the http trace method,
How i can exploit this to upload a shell on my target?
is it possible?
Also target is running windows 2003 o/s with
"Apache httpd 2.2.11 ((Win32) PHP/5.3.0)"
hope i will get some advice...
The exploit is basically XSS but its actually called XST (Cross-site tracing), all sites are vulnerable unless the track/trace methods are disabled. To execute the exploit your going to have to get a browser with the capability to run this, as most browsers have implemented features to disable execution of the exploit (such as Firefox, IE, Netscape, etc). So basically to have this run successfully the user you are trying to get cookies off would have to be running an old version of Firefox, IE or even any version of opera or safari. Here's a little site to give some more insight, I'm sure its still exploitable if a proper exploit is coded for new applications.
Add a Comment