[WEB SECURITY] Exploiting User-Agent XSS
jim at manico.net
Thu May 26 17:16:56 EDT 2011
Header modification has been locked down well in most browsers via JS. If
you find out otherwise, I think it's a browser bug.
On May 26, 2011, at 11:27 AM, Atul Agarwal <atul at secfence.com> wrote:
Is anyone aware of any reliable method to force the user (victim) to
change/spoof the User-Agent of the browser so as to exploit a XSS Vuln.
The flash technique does not work any more.
The Web Security Mailing List
WebSecurity RSS Feed
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity