2Ara
take advantage of XST attack to steal other user’s cookie
I've read about the XST attack, but the demonstration is just using a CURL or change the HTTP method to "TRACE" in the request.
Could anyone show me the POC/demo of how the attacker could stole victim's cookie using the XST vulnerability?