Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

TRACE Method XSS - Cross-Site Tracing (XST)

POC

Observe that the TRACE method is enabled. Use XST to exploit the XSS vulnerability:

curl -X TRACE -H "Via: " https://website
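A defender-side check for the condition the POC starts from, added here as an example and not part of the wiki entry: it sends a TRACE request carrying a random marker header and reports whether the server echoes the request back. The header name X-Trace-Check and the function names are assumptions made for this example.

```python
import http.client
import secrets
import sys
from urllib.parse import urlsplit


def classify_trace(status, content_type, body, marker):
    """Classify a TRACE response: 'reflected', 'enabled' or 'disabled'."""
    if status != 200:
        return "disabled"   # e.g. 405/501/403: the method was rejected
    if marker in body:
        return "reflected"  # request headers are echoed back: the XST precondition
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "message/http":
        return "enabled"    # TRACE answered, but our header was not echoed
    return "disabled"       # 200 with ordinary content: TRACE handled like GET


def check_trace(url, timeout=5.0):
    """Send one TRACE request to url and classify the response."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    marker = "xst-check-" + secrets.token_hex(8)  # random, so a match is not a coincidence
    try:
        # X-Trace-Check is a header name chosen for this example
        conn.request("TRACE", parts.path or "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return classify_trace(resp.status, resp.getheader("Content-Type", ""), body, marker)
    finally:
        conn.close()


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_trace.py <url>")
    print(check_trace(sys.argv[1]))
```

A result of "reflected" or "enabled" means TRACE should be turned off at the web server or the proxy in front of it.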

Impact

Low

Likelihood

Low