Tuesday, May 29, 2012

From LOW to PWNED [12] Trace.axd

Post [12] Trace.axd

"Trace.axd is an Http Handler for .Net  that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order, where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file."

It is a separate file to store tracing messages. If you have pageOutput set to true, your webpage will acquire a large table at the bottom. That will list lots of information—the trace information. trace.axd allows you to see traces on a separate page, which is always named trace.axd.

LOW? Actually a Medium.

What can I do with it?

  • Read ALL variables and data from HTTP requests
  • POST requests rock! ?


  • Metasploit
  • Vuln Scanners


Main trace.axd page

Viewing a request

Post request with creds



No comments: