[WEB SECURITY] Exploiting User-Agent XSS

Michal Zalewski lcamtuf at coredump.cx
Mon May 30 19:53:31 EDT 2011


> It's not working in new versions of the Flash plugin, but it's working in older
> versions. So there's no need to fully forget about it.

There are many RCE and UXSS vulnerabilities in outdated Flash plugins;
there is no way you can protect such users.

> 3. Other advanced methods. Among them there is also one such as using JS.
> Even if other guys told you that there is no possibility via JS, it's not
> true - there is such a way (which works in some browsers). I have known about
> this method since 2004, and at that time I wrote about it on one of my sites
> (not concerning security purposes), and I tested this method in modern
> versions of those browsers.

Please do share. If you know a way to inject U-A headers into
cross-domain requests, it would certainly be considered a browser bug
- and would likely be addressed swiftly.

/mz



