TRACK Method Vulnerability Test
The endpoint appears to accept requests that use the TRACK HTTP method. The original request was replayed with the method replaced by TRACK, and the application responded with a 2XX success code.
Unnecessary HTTP Methods (UHM)
How this template works
API Selection
The template uses the API selection filters to specify the desired response code range. In this case, it filters for response codes greater than or equal to 200 and less than 300, indicating a successful response.
Execute request
The template executes a single request with the method changed to "TRACK" and a new header named "new_test_header" with the value "test_val" added. The added header acts as a marker that lets the template check whether the endpoint accepts and reflects the TRACK method.
Validation
After executing the request, the template validates the response. It checks that the response code is within the desired range (200-299) and that the response headers contain a key named "new_test_header". Together these confirm that the request succeeded and that the added header was echoed back in the response.
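The execute and validate steps above, written out as an added Python example (not Akto's own template engine or code): a captured request is rewritten to use TRACK plus the marker header, and the template's two validation rules are applied to constructed sample responses. The request and response samples are constructed for illustration.

```python
"""Added example: replay a request with the TRACK method and a marker header,
then apply the template's validation (2XX status + marker header echoed)."""

MARKER_NAME = "new_test_header"   # header name used by the template
MARKER_VALUE = "test_val"         # header value used by the template

def build_track_request(raw_request: str) -> str:
    """Rewrite the request line's method to TRACK and append the marker
    header. raw_request is one HTTP/1.1 request with CRLF line endings."""
    head, sep, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, _, rest = lines[0].partition(" ")
    lines[0] = "TRACK " + rest
    # Drop any pre-existing copy of the marker so the probe is unambiguous.
    lines = [l for l in lines if not l.lower().startswith(MARKER_NAME + ":")]
    lines.append(f"{MARKER_NAME}: {MARKER_VALUE}")
    return "\r\n".join(lines) + sep + body

def parse_response(raw_response: str):
    """Split a raw HTTP response into (status, headers, body).
    Header names are lower-cased because HTTP header names are
    case-insensitive."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ")[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def track_is_accepted(raw_response: str) -> bool:
    """Template validation: status in 200-299 AND the marker header is
    present among the response headers."""
    status, headers, _ = parse_response(raw_response)
    return 200 <= status < 300 and MARKER_NAME in headers

# Constructed samples (not real captures).
ORIGINAL_REQUEST = ("GET /api/v1/users HTTP/1.1\r\nHost: example.test\r\n"
                    "Accept: application/json\r\n\r\n")
REFLECTED = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n"
             "New_Test_Header: test_val\r\n\r\n")           # flagged
REJECTED = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST\r\n\r\n"
OK_NO_ECHO = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"

if __name__ == "__main__":
    print(build_track_request(ORIGINAL_REQUEST))
    for name, resp in [("reflected", REFLECTED), ("rejected", REJECTED),
                       ("2xx without echo", OK_NO_ECHO)]:
        print(f"{name}: TRACK accepted = {track_is_accepted(resp)}")
```

A 2XX response alone is not enough to flag the endpoint; the marker header must come back too, which is why the third sample is not reported.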
Frequently asked questions
What is the purpose of the TRACK method in HTTP?
How does the TRACK method pose a vulnerability in this test?
What is the impact of the vulnerability identified in this test?
What category does this vulnerability fall under?
Are there any recommended mitigation techniques for this vulnerability?
Are there any additional resources or references available for further understanding of this vulnerability?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization."

Security team,
Rippling