New Cross-Site Scripting Risks (TRACE Method)
http://isc.incidents.org/analysis.html?id=179
It is basically a twist on cross site scripting...
Quote:
> nc localhost 80
TRACE / HTTP/1.0
X-Header: test
(don't forget the empty line at the end)
The response will be:
HTTP/1.1 200 OK
.... (various server headers) ...
Content-Type: message/http
TRACE / HTTP/1.0
X-Header: test
The important part is that the entire request (including the dummy X-Header)
is echoed back.
There is also a Snort signature in the article to detect this method being used, and it applies to both Apache and IIS...
/nebulus
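The exchange quoted above can be turned into a repeatable check for servers you administer. This is an added example, not part of the original post or the ISC article; the `X-Trace-Probe` header name, the marker value and the sample responses are constructed for illustration.

```python
import socket

def build_trace_probe(host, marker):
    """Raw TRACE request carrying a unique marker header (hypothetical name)."""
    return (f"TRACE / HTTP/1.0\r\nHost: {host}\r\n"
            f"X-Trace-Probe: {marker}\r\n\r\n").encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body

def trace_echoed(raw, marker):
    """True only if the server answered 2xx and echoed the marker in the body."""
    status, _headers, body = parse_response(raw)
    if not 200 <= status < 300:
        return False  # e.g. 405 or 501: the method was refused
    return marker.encode("ascii") in body

def check_host(host, port=80, marker="probe-7f3a", timeout=5.0):
    """Send the probe to a server you administer; report whether TRACE echoes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_trace_probe(host, marker))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return trace_echoed(b"".join(chunks), marker)

# Constructed sample responses (not captured from a real server).
SAMPLE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nServer: example\r\nContent-Type: message/http\r\n\r\n"
    b"TRACE / HTTP/1.0\r\nHost: localhost\r\nX-Trace-Probe: probe-7f3a\r\n\r\n")
SAMPLE_DISABLED = (
    b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
    b"<html>Method Not Allowed</html>")
SAMPLE_STRIPPED = (
    b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\nTRACE / HTTP/1.0\r\n\r\n")
```

`check_host("localhost")` performs the same exchange as the nc session above. On Apache, `TraceEnable off` makes the server refuse the method with a 405.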