Detecting possible XST vulnerabilities
XST vulnerabilities are caused by the existence of Cross-Site Scripting (XSS) vulnerabilities in web servers where the HTTP method TRACE
is enabled. This technique is mainly used to bypass cookie restrictions imposed by the directive httpOnly
. Penetration testers can save time using Nmap to quickly determine if the web server has the method TRACE
enabled.
This recipe describes how to use Nmap to check whether HTTP TRACE
is enabled and therefore susceptible to possible XST vulnerabilities.
How to do it...
- Open a terminal and enter the following command:
$ nmap -p80 --script http-methods,http-trace --script-args http-methods.retest <target>
- If
TRACE
is enabled and accessible, we should see something like this:
PORT STATE SERVICE 80/tcp open http |_http-trace: TRACE is enabled | http-methods: GET HEAD POST OPTIONS TRACE | Potentially risky methods: TRACE | See http://nmap.org/nsedoc/scripts/http-methods.html | GET / ->...