Support This Channel
======================
Please like and subscribe, it means a lot!
Check out my cybsercurity and webdev site
www.webhacks.io
Please buy me a coffee so I can continue to make content.
buymeacoffee.c...
Join our Discord
/ discord
Here we make use of a HTTP trace request in order to provoke the server into revealing a custom HTTP header that is appended to our requests. We can use the knowledge of this custom header to spoof our location and allow admin access to the web app. This is considered an information disclosure vulnerability because TRACE requests are usually disabled on a production web server.