[WEB SECURITY] Exploiting User-Agent XSS
websec10 at sic-sec.org
Thu May 26 13:56:52 EDT 2011
assuming that you mean a method which can automatically spoof the UA, you
need to find a vulnerability in the browser as all modern browsers do no
Though, I'm not sure about plug-ins like flash ...
But if you manage to proxy the request in question, that proxy can spoof
the UA and hence exploit the XSS vuln in the application.
Am 26.05.2011 15:04, schrieb Atul Agarwal:
> Hello List,
> Is anyone aware of any reliable method to force the user (victim) to
> change/spoof the User-Agent of the browser so as to exploit a XSS Vuln.
> The flash technique does not work any more.
> Atul Agarwal
> Secfence Technologies
More information about the websecurity