[WEB SECURITY] Exploiting User-Agent XSS

James Manico jim at manico.net
Thu May 26 17:16:56 EDT 2011


Header modification has been locked down well in most browsers via JS. If
you find out otherwise, I think it's a browser bug.

Jim Manico

On May 26, 2011, at 11:27 AM, Atul Agarwal <atul at secfence.com> wrote:

Hello List,

Is anyone aware of any reliable method to force the user (victim) to
change/spoof the User-Agent of the browser so as to exploit an XSS vuln?

The flash technique does not work any more.

Thanks,
Atul Agarwal
Secfence Technologies
http://www.secfence.com
