"Trace.axd is an Http Handler for .Net that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order, where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file."
http://www.ucertify.com/article/what-is-traceaxd.html
It is a separate file to store tracing messages. If you have pageOutput set to true, your webpage will acquire a large table at the bottom. That will list lots of information—the trace information. trace.axd allows you to see traces on a separate page, which is always named trace.axd.
http://www.dotnetperls.com/trace
LOW? Actually a Medium.
What can I do with it?
- Read ALL variables and data from HTTP requests
- POST requests rock! ?
Discovery?
- Metasploit
- Vuln Scanners
Metasploit
Example
Main trace.axd page
Viewing a request
Post request with creds
-CG
No comments:
Post a Comment