TRACE method is enabled

Description

The TRACE method is intended to help developers with debugging. Kayran found that it is enabled, which means the web server answers a TRACE request by echoing back, in its response, the exact request it received.

Business Impact

An attacker can use this information to conduct further attacks.

Recommendation

Disable the TRACE method so that attackers cannot use it to better exploit other vulnerabilities.

Reference

https://owasp.org/www-community/attacks/Cross_Site_Tracing
