Cross-Site Tracing (XST) security vulnerability

If I understand how it works correctly, it goes a bit like this:

1. I visit a malicious web server (or a friendly one that has been compromised).
2. That server sends my browser some JavaScript.
3. That script sends an HTTP TRACE request to a site it knows I use and am logged in to. The browser attaches my cookies (or HTTP authentication header) to that request, as it does for any request to that site.
4. TRACE is a diagnostic method: the server echoes the request it received, headers included, in the response body. So my Cookie and Authorization headers come back as plain text in a response the script can read.
5. The script therefore gets at credentials it could not reach before. HttpOnly cookies and HTTP Basic-auth credentials are the usual prizes, since they are hidden from document.cookie but not from the echoed request.
6. The malicious web server can then re-use those credentials in other attacks.
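To make step 4 concrete, here is an added example in Python (not code from the original post): a tiny local HTTP server with TRACE left on, the same server with TRACE refused, and a check that sends a TRACE request carrying a cookie and a canary header and reports whether they come back in the response body. The cookie, the canary value and the handler names are made up for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed values for the demo (not from the original post): a marker
# header and a cookie so we can see exactly what the server echoes back.
CANARY = "xst-canary-1234"
COOKIE = "session=SECRET-SESSION-ID"


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Simulates a server with TRACE left on: it reflects the request line and
    every request header as the response body (the behaviour XST relies on)."""

    def do_TRACE(self):
        echoed = self.requestline + "\r\n"
        echoed += "".join(f"{k}: {v}\r\n" for k, v in self.headers.items())
        data = echoed.encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass  # keep the demo quiet


class TraceDisabledHandler(TraceEnabledHandler):
    """The hardened form: TRACE is refused with 405 and nothing is echoed."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler):
    """Bind a server on an ephemeral localhost port and serve it in the background."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def trace_check(host, port):
    """Send TRACE / carrying the cookie and canary, the way a logged-in browser
    would carry its cookies, and report whether the server reflects them."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("TRACE", "/", headers={"Cookie": COOKIE, "X-Canary": CANARY})
    resp = conn.getresponse()
    body = resp.read().decode(errors="replace")
    conn.close()
    return {
        "status": resp.status,
        "cookie_echoed": COOKIE in body,
        "canary_echoed": CANARY in body,
        "body": body,
    }


if __name__ == "__main__":
    for label, handler in (("TRACE enabled", TraceEnabledHandler),
                           ("TRACE disabled", TraceDisabledHandler)):
        srv = start_server(handler)
        result = trace_check("127.0.0.1", srv.server_port)
        srv.shutdown()
        srv.server_close()
        print(f"{label}: HTTP {result['status']}, cookie echoed: {result['cookie_echoed']}")
        if result["body"]:
            print(result["body"])
```

Against a real host the same check is a one-liner, `curl -i -X TRACE https://example.com/`: a 200 with your request echoed back means TRACE is on; a 405 or 501 is what you want to see. One caveat on the browser side: page script in today's browsers cannot send TRACE at all (XMLHttpRequest and fetch refuse the method), so step 3 depended on a browser component of the time that would both send a cross-site TRACE and let the page read the reply.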

It's an interesting attack vector. I like it. One more reason not to allow remote web servers to run code on your machine (be it ActiveX or JavaScript). Not that I'll be turning off JavaScript any time soon though - the web is often just too hard to use without it. *sigh*.