[WEB SECURITY] Exploiting User-Agent XSS
rohirp92 at yahoo.com
Sat May 28 06:46:58 EDT 2011
Leveraging reflected XSS by exploiting the user in real time, especially if the
User-Agent is XSS-prone, is far more difficult now. It is almost close to impossible, as
JS (browsers) and Flash are not allowing it.

Are group members aware of some technique wherein an attacker would force the victim's
browser to temporarily set some proxy which is controlled by the attacker only? i.e.

Attacker -> victim's browser -> attacker-controlled proxy -> change request -> server

Changing the proxy and profile in Firefox is possible using a specifically written
extension, but I am not aware if any other easy way is out there, and one that also works in
an XSS exploit scenario. This might be a hypothetical scenario, but I will always use
this scenario to get the issue fixed :-)

From: Mike Duncan <Mike.Duncan at noaa.gov>
To: Atul Agarwal <atul at secfence.com>
Cc: websecurity at lists.webappsec.org
Sent: Fri, May 27, 2011 7:43:48 PM
Subject: Re: [WEB SECURITY] Exploiting User-Agent XSS
By Flash technique, I guess you mean the use of AS' getUrl(). Perhaps a
Java/Silverlight/ActiveX app which makes the request with the malicious
UA and then dumps the response to a DIV or something on the page.
Of course, an applet/object trying to make a connection to another host
will need to be signed, possibly meaning some social engineering is
required as well.
Application Security Specialist
US Government Contractor, STG Inc.
NOAA National Climatic Data Center
Information Technology Security (ITS)
On 05/26/11 09:04, Atul Agarwal wrote:
> Hello List,
> Is anyone aware of any reliable method to force the user (victim) to
> change/spoof the User-Agent of the browser so as to exploit an XSS vuln?
> The flash technique does not work any more.
> Atul Agarwal
> Secfence Technologies
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org