coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #91 from mr-wacker/patch-1

Browse Source 
Adding a new topic "trace.axd"
This commit is contained in:
Carlos Polop 2021-03-31 11:17:27 +01:00 committed by GitHub
commit ba217ce572
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pentesting/pentesting-web/iis-internet-information-services.md
View File

@ -155,3 +155,15 @@ You can also use **metasploit**: `use scanner/http/iis_shortname_scanner`
You can try to **mix** this **vulnerability** and the last one to find new **folders** and **bypass** the authentication.
## ASP.NET Trace.AXD enabled debugging
ASP.NET include a debugging mode and its file is called `trace.axd`.
It keeps a very detailed log of all requests made to an application over a period of time.
This information includes remote client IP's, session IDs, all request and response cookies, physical paths, source code information, and potentially even usernames and passwords.
https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
![Screenshot 2021-03-30 at 13 19 11](https://user-images.githubusercontent.com/31736688/112974448-2690b000-915b-11eb-896c-f41c27c44286.png)