TRACE Method Vulnerability Test
The endpoint appears to accept requests with the TRACE HTTP method. The original request was replayed with the method value replaced by TRACE, and the application responded with a 2XX success code.
Unnecessary HTTP Methods (UHM)
How this template works
APIs Selection
The template uses the API selection filters to specify the desired response code range. In this case, it filters for response codes greater than or equal to 200 and less than 300, indicating a successful response.
Execute request
The template executes a single request using the modified HTTP method TRACE and adds a new header called "new_test_header" with the value "test_val". Replaying the original request with the modified method lets the template test whether the endpoint accepts unsafe HTTP methods, and the added header gives the validation step an unambiguous marker to look for in the response.
Validation
The template validates the response by checking that the response code falls within the desired range (200-299) and that the response headers contain a key called "new_test_header". Both conditions together confirm that the server accepted the TRACE request with a success code and that the added header came back in the response.
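The three steps above (replay with TRACE plus a marker header, then validate status range and marker presence) can be reproduced outside Akto with a short script. The following is an added example, not Akto's template or code: it uses only the Python standard library, the marker header name and value are taken from the page, and the two local HTTP handlers (one that echoes TRACE, one that answers 405) are constructed here so the check can be exercised offline. As an extension beyond the page's template, the validation also treats the marker appearing in an echoed body as a finding, since a server that honours TRACE reflects the request as message/http.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Marker header name and value as used in the page's template.
MARKER_HEADER = "new_test_header"
MARKER_VALUE = "test_val"


def replay_as_trace(url, extra_headers=None, timeout=5):
    """Execute step: replay `url` with the TRACE method and the marker header.

    Returns (status, headers_dict_lowercased, body_text).
    """
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    headers = {MARKER_HEADER: MARKER_VALUE}
    if extra_headers:
        headers.update(extra_headers)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    conn.request("TRACE", path, headers=headers)
    resp = conn.getresponse()
    body = resp.read().decode("latin-1", errors="replace")
    # Header names are case-insensitive; normalise before comparing.
    hdrs = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, hdrs, body


def trace_accepted(status, headers, body):
    """Validation step: 2xx status and marker header present in the response headers.

    Extension beyond the template: a marker echoed in the body (TRACE reflects the
    request as message/http) is also counted as a finding.
    """
    if not 200 <= status < 300:
        return False
    if MARKER_HEADER in {k.lower() for k in headers}:
        return True
    return MARKER_HEADER in body.lower()


class EchoTraceHandler(BaseHTTPRequestHandler):
    """Constructed misconfigured server: honours TRACE by echoing the request."""

    def do_TRACE(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(EchoTraceHandler):
    """Constructed hardened server: TRACE is refused with 405 Method Not Allowed."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def run_check_against(handler_cls):
    """Start a throwaway local server, run the replay + validation, return the verdict."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}/api/v1/users"  # hypothetical path
        return trace_accepted(*replay_as_trace(url))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("echoing server flagged:", run_check_against(EchoTraceHandler))   # True
    print("hardened server flagged:", run_check_against(HardenedHandler))  # False
```

The verdict is deliberately split into a pure function (`trace_accepted`) so the same validation can be unit-tested against recorded responses, and an I/O function (`replay_as_trace`) that can be pointed at a real endpoint under test.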
Frequently asked questions
What is the purpose of the TRACE method in HTTP?
How does the TRACE method pose a vulnerability in this test?
What is the impact of the vulnerability identified in this test?
What category does this vulnerability fall under?
Are there any recommended references or resources to learn more about this vulnerability?
How can this vulnerability be mitigated or resolved?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."

Security team,
Rippling