Online Trace.axd File Scanner
ASP.NET's includes a powerful mechanism for detailed request tracing called Trace.axd and it can also be used by attackers to gain information about requests and responses to the application.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Everyone
Estimated Time
10 sec
Scan only one
Url
Parent Category
Online Trace.axd File Scanner Detail
ASP.NET's includes a powerful mechanism for detailed request tracing called Trace.axd. The Trace.axd application keeps a very detailed log of all requests made to an application over a period of time but it can also be used by attackers to gain information about requests and responses to the application.
An attacker can obtain information such as:
- Session cookies
- Session state
- Query string and post variables
- Physical path of the requested file
This means that the attacker can hijack any active user's session by using their session details.
Try it yourself,
control security posture
control security posture