[WEB SECURITY] Exploiting User-Agent XSS

James Manico jim at manico.net
Thu May 26 17:16:56 EDT 2011

Header modification has been locked down well in most browsers via JS. If
you find out otherwise, I think it's a browser bug.

Jim Manico

On May 26, 2011, at 11:27 AM, Atul Agarwal <atul at secfence.com> wrote:

Hello List,

Is anyone aware of any reliable method to force the user (victim) to
change/spoof the User-Agent of the browser so as to exploit a XSS Vuln.

The flash technique does not work any more.

Atul Agarwal
Secfence Technologies

The Web Security Mailing List

WebSecurity RSS Feed

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter

websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110526/b3ac2174/attachment-0003.html>

More information about the websecurity mailing list