[WEB SECURITY] Exploiting User-Agent XSS

Rohit Pitke rohirp92 at yahoo.com
Sun May 29 08:35:08 EDT 2011

That is correct. I am saying, is this possibility worked out anywhere? I am 
looking for some research papers/work done on it. I see it as bleak exploitation 
scenario still wondering.


From: Michal Zalewski <lcamtuf at coredump.cx>
To: Rohit Pitke <rohirp92 at yahoo.com>
Cc: Mike Duncan <Mike.Duncan at noaa.gov>; Atul Agarwal <atul at secfence.com>; 
websecurity at lists.webappsec.org
Sent: Sun, May 29, 2011 9:48:07 AM
Subject: Re: [WEB SECURITY] Exploiting User-Agent XSS

> Are group members aware of some technique wherein attacker would force
> victim's browser to set some proxy temporarily which is controlled by
> attacker only?

If you control a proxy for HTTP traffic, why would you bother changing
U-A on the request, instead of just grabbing the cookies or injecting
your XSS payload into the response?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110529/e8a11cf1/attachment-0003.html>

More information about the websecurity mailing list