However, the TRACE method can be used to bypass this protection and access the cookie even in this scenario.
Turn off HTTP TRACE support on all webservers.
Code embedded in a web document on the host is under the attacker's control; when visitors navigate to the page, the malicious code executes in their browser.
The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script.
Below is the malicious code to be injected into the parameter.
<script>var xhr = new XMLHttpRequest(); xhr.open('TRACE', 'http://localhost/WebGoat/attack', false); xhr.send(null); if(200 == xhr.status) alert(xhr.responseText);</script>
The captured POST request shows that the code has been entered.
The malicious code received a 200 OK response.
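To confirm that TRACE support is really turned off, as recommended above, this added example (not part of the original walkthrough) classifies a server's reply to a TRACE request and reports which credential headers it would echo back. The marker header X-Trace-Check, the function names and both sample responses are constructed for illustration.

```javascript
// Headers whose echo in a TRACE body exposes credentials to page script.
const SENSITIVE = ['cookie', 'authorization'];

// Decide whether a raw HTTP/1.x response is a TRACE echo of our request.
// marker: unique header { name, value } the checker sent (hypothetical name).
function classifyTraceResponse(raw, marker) {
  const split = raw.indexOf('\r\n\r\n');
  const head = split === -1 ? raw : raw.slice(0, split);
  const body = split === -1 ? '' : raw.slice(split + 4);
  const [statusLine, ...headerLines] = head.split('\r\n');
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(statusLine);
  const status = m ? Number(m[1]) : 0;
  const ctype = headerLines.map(l => l.toLowerCase())
    .find(l => l.startsWith('content-type:')) || '';
  // The echoed request shows up as header lines inside the response body.
  const echoed = body.split(/\r?\n/).map(l => l.trim().toLowerCase());
  const markerEchoed = echoed.includes(`${marker.name}: ${marker.value}`.toLowerCase());
  const enabled = status === 200 && (markerEchoed || ctype.includes('message/http'));
  const leaked = enabled
    ? SENSITIVE.filter(h => echoed.some(l => l.startsWith(h + ':')))
    : [];
  return { status, enabled, leaked };
}

// Send one TRACE request to a server you administer and classify the reply.
function probeTrace(host, port, path, marker) {
  return new Promise((resolve, reject) => {
    let raw = '';
    // net is loaded here so the classifier above has no dependencies.
    const sock = require('net').connect(port, host, () => sock.write(
      `TRACE ${path} HTTP/1.1\r\nHost: ${host}\r\n` +
      `${marker.name}: ${marker.value}\r\nConnection: close\r\n\r\n`));
    sock.setEncoding('latin1');
    sock.on('data', d => { raw += d; });
    sock.on('end', () => resolve(classifyTraceResponse(raw, marker)));
    sock.on('error', reject);
  });
}

// Constructed sample responses (not captured from a real server).
const MARKER = { name: 'X-Trace-Check', value: 'c0ffee42' };
const SAMPLE_ECHO = 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n' +
  'TRACE /WebGoat/attack HTTP/1.1\r\nHost: localhost\r\n' +
  'X-Trace-Check: c0ffee42\r\nCookie: JSESSIONID=EXAMPLE\r\n\r\n';
const SAMPLE_BLOCKED = 'HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST\r\n\r\n';

console.log(classifyTraceResponse(SAMPLE_ECHO, MARKER));
console.log(classifyTraceResponse(SAMPLE_BLOCKED, MARKER));
```

A result with `enabled: true` means the server still answers TRACE; `leaked` lists the credential headers that came back in the body.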