Table of Contents
About
TRACK is an HTTP verb that tells the server to return the full request to the client. It is similar to the TRACE method. The HTTP TRACK method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. An attacker can create a webpage using XMLHTTP, ActiveX, XMLDOM to cause a client issue a TRACK request and capture the client’s cookies; this effectively results ina Cross-Site Scripting attack (XSS)1.
Anki
Links
References
Microsoft. “TRACK”. Available at: https://techcommunity.microsoft.com/blog/iis-support-blog/http-track-and-trace-verbs/784482. (Accessed: ). ↩︎