WebApp Sec mailing list archives
XST
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Tue, 21 Mar 2006 10:31:24 +0100
hi all,I am wondering if someone knowns a way to perform a xmlhttp request with TRACE on an iexplore 6 SP1.
Microsoft seems to block the use of the open("TRACE",url,false").
I saw on this list that IE can be tricked using
open("\r\nTRACE",url,false), but it doesn't work with the http server I
use (cisco web vpn gateway).
So, if there's another way to do that ... -- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com/tests-intrusion.html ------------------------------------------------------------------------- This List Sponsored by: SpiDynamicsALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- How to Create Secure Web Applications with Struts bugtraq (Mar 19)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries (Mar 20)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 21)
- A Modular Approach to Data Validation in Web Applications Stephen de Vries (Mar 27)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts George Capehart (Mar 21)
- XST Frederic Charpentier (Mar 21)
- Re: [WEB SECURITY] XST Amit Klein (AKsecurity) (Mar 21)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 21)
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries (Mar 20)