[WEB SECURITY] Exploiting User-Agent XSS

Mike Duncan Mike.Duncan at noaa.gov
Fri May 27 10:13:48 EDT 2011


By Flash technique, I guess you mean the use of AS' getUrl(). Perhaps a
Java/Silverlight/ActiveX app which makes the request with the malicious
UA and then dumps the response to a DIV or something on the page.

Of course, an applet/object trying to make a connection to another host
will need to be signed, possibly meaning some social engineering is
required as well.

Mike Duncan
Application Security Specialist
US Government Contractor, STG Inc.
NOAA National Climatic Data Center
Information Technology Security (ITS)



On 05/26/11 09:04, Atul Agarwal wrote:
> Hello List,
> 
> Is anyone aware of any reliable method to force the user (victim) to
> change/spoof the User-Agent of the browser so as to exploit an XSS vuln?
> 
> The flash technique does not work any more.
> 
> Thanks,
> Atul Agarwal
> Secfence Technologies
> http://www.secfence.com



