aspirepigshadow / gittalk

Vulnerability Verification Series | Aspirepig #9

Open aspirepigshadow opened 3 years ago

aspirepigshadow commented 3 years ago

https://aspirepig.cn/2018/07/23/lou-dong-yan-zheng-xi-lie/

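HTTP TRACE / TRACK Methods Allowed This vulnerability means that the server has the HTTP TRACE method enabled; this method is used for debugging HTTP. It can be combined with an XSS vulnerability to form an XST attack (mainly in order to obtain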