Jump to content
An1cep1rate

Help with Xst

Recommended Posts

An1cep1rate

hey, so im trying to understand XST and how to execute a successful XST attack and i cant seem to be able to do it...

so im trying to perform a XST on my friends web site (with permission of course) he opened up a XSS vulnerability for me and enabled httponly and the trace method so i could try to steal a cookie/session id. but i cant seem to execute a payload this is the payload (found it on some blog):

<script>var xhr = new XMLHttpRequest();xhr.open('TRACE', 'http://test.lab/', false);xhr.send(null);if(200 == xhr.status)alert(xhr.responseText);</script>

but when i make a comment on his site i dont get a alert..

Thanks!

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×