use Perl
All the Perl that's Practical to Extract and Report

Cross-Site Tracing (XST) security vulnerability (13 comments)
Hmm... (Score:2)
by Matts (1087) on 2003.01.23 3:22 (#16288)
If I understand how it works correctly, it goes a bit like this:

I connect to malicious web server (or hacked friendly one)
That web server sends me some javascript
That javascript sends a TRACE request to some site it knows I use
The TRACE request bounces back my cookies/credentials
The javascript thus has access to those credentials that it didn't know how to get at before
The malicious web server can then re-use these credentials in other attacks

It's an interesting attack vector. I like it. One more reason not to allow remote web servers to run code on your machine (be it ActiveX or Javascript). Not that I'll be turning off Javascript any time soon though - the web is often just too hard to use without it. *sigh*.
  • Re:Hmm... by cbrooks (Score:1) 2003.01.23 14:38
  • Re:Hmm... by Matts (Score:2) 2003.01.23 14:49
  • Re:Hmm... by cbrooks (Score:1) 2003.01.23 21:06
  • Re:Hmm... by Matts (Score:2) 2003.01.24 3:10
  • Re:Hmm... by cbrooks (Score:1) 2003.01.24 8:39
  • Re:Hmm... by Matts (Score:2) 2003.01.24 11:05
  • Re:Hmm... by cbrooks (Score:1) 2003.01.24 12:26
  • Re:Hmm... by Matts (Score:2) 2003.01.24 16:21
  • Re:Hmm... by cbrooks (Score:1) 2003.01.27 10:43
  • Re:Hmm... by Matts (Score:2) 2003.01.27 11:48
  • Re:Hmm... by cbrooks (Score:1) 2003.01.27 13:31
  • Re:Hmm... by Matts (Score:2) 2003.01.27 15:40
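The sequence Matts sketches (script issues TRACE, the server echoes the request, the echo contains the cookies) hinges entirely on the server honouring TRACE. The following example, added here and not part of the original thread or of any project it mentions, shows both sides in the Python standard library: a handler with the default reflecting TRACE behaviour, a hardened handler that refuses TRACE with 405, and the audit check a site operator can run to tell the two apart. The marker cookie, the `xst:probe` Basic credential and the class and function names are constructed for the demo; the Apache `TraceEnable Off` directive named in a comment is a real directive.

```python
"""Cross-Site Tracing (XST) in miniature: a TRACE handler that reflects the
request (the behaviour the attack relies on), a hardened handler that refuses
TRACE, and an audit check that tells the two apart. Added example."""
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class ReflectingTraceHandler(BaseHTTPRequestHandler):
    """Default TRACE semantics (RFC 2616 section 9.8): echo the request line
    and headers back as a message/http body. Whatever Cookie or Authorization
    header the browser attached is therefore readable from the response."""

    def do_TRACE(self):
        lines = [self.requestline] + [f"{k}: {v}" for k, v in self.headers.items()]
        echoed = ("\r\n".join(lines) + "\r\n\r\n").encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echoed)))
        self.end_headers()
        self.wfile.write(echoed)

    def log_message(self, format, *args):
        pass  # keep the demo's stderr quiet


class HardenedTraceHandler(ReflectingTraceHandler):
    """Mitigation: reject TRACE with 405 Method Not Allowed, the same effect
    as Apache httpd's `TraceEnable Off` or a method allow-list at the edge."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


SENSITIVE_HEADERS = ("cookie", "authorization")


def trace_leaks_headers(host, port):
    """Audit check: send a TRACE carrying a constructed marker cookie and a
    throwaway Basic credential, then return (status, names of sensitive
    headers the server echoed). An empty list means TRACE on this server
    cannot be used to read credentials back."""
    probe = {
        "Cookie": "xst_probe=marker",  # constructed value, not a real session
        "Authorization": "Basic " + base64.b64encode(b"xst:probe").decode(),
    }
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", "/", headers=probe)
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace")
        content_type = resp.getheader("Content-Type", "")
        status = resp.status
    finally:
        conn.close()

    leaked = []
    if status == 200 and content_type.startswith("message/http"):
        for line in body.splitlines():
            name, sep, _ = line.partition(":")
            if sep and name.strip().lower() in SENSITIVE_HEADERS:
                leaked.append(name.strip().lower())
    return status, leaked


def serve(handler):
    """Start `handler` on an ephemeral localhost port in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def audit_both():
    """Run the check against the reflecting and the hardened server."""
    results = {}
    for label, handler in (("reflecting", ReflectingTraceHandler),
                           ("hardened", HardenedTraceHandler)):
        srv, port = serve(handler)
        try:
            results[label] = trace_leaks_headers("127.0.0.1", port)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for label, (status, leaked) in audit_both().items():
        print(f"{label}: TRACE -> {status}, echoed sensitive headers: {leaked}")
```

`trace_leaks_headers` is the piece to point at your own hosts; a 200 with a `message/http` body that contains the probe headers is the reflecting configuration. Refusing TRACE at the server or reverse proxy is the control that removes the echo, independent of which clients happen to be able to send the method.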