[WEB SECURITY] Exploiting User-Agent XSS
atul at secfence.com
Tue May 31 09:29:10 EDT 2011
Thanks guys for the help.
@Rohit : Thanks a lot for the scenario, but I was looking for a real life
@Mustlive : as Michal said, if you have a method to inject arbitrary headers
into cross-domain requests, we will all be very glad to hear about that!
On Tue, May 31, 2011 at 5:23 AM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
> > It's not working in new versions of flash plugin, but it's working in
> > versions. So no need to fully forget about it.
> There are many RCE and UXSS vulnerabilities in outdated Flash plugins;
> there is no way you can protect such users.
> > 3. Other advanced methods. Among them there is also such one as using of
> > Even if other guys told you that there is no possibility via JS, it's
> > true - there is such a way (which works in some browsers). I know about
> > this method from 2004 and at that time I wrote about it at one of my sites
> > (concerning non-security purposes) and I tested this method in modern
> > versions of those browsers.
> Please do share. If you know a way to inject U-A headers into
> cross-domain requests, it would certainly be considered a browser bug
> - and would likely be addressed swiftly.
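The reflection the thread is discussing, as an added example that is not part of the original thread: a handler that echoes the User-Agent header into HTML unescaped, its escaped counterpart, and a check over constructed header samples for values that carry HTML-significant characters. The function names and sample headers are hypothetical, chosen for this illustration.

```python
import html
import re

# Constructed sample request headers. The second value carries a harmless
# markup marker so the escaping difference is visible; it is not from the thread.
SAMPLE_HEADERS = [
    {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/4.0"},
    {"User-Agent": 'Mozilla/5.0 <b>marker</b> "quoted" & more'},
]


def render_vulnerable(headers):
    """'Before' form: the User-Agent value is concatenated into HTML as-is."""
    ua = headers.get("User-Agent", "")
    return f"<p>Your browser: {ua}</p>"


def render_safe(headers):
    """Hardened form: HTML-escape the header before placing it in a text node.

    quote=True also escapes quotes, so the same value is safe inside an
    attribute such as title="..." as well.
    """
    ua = html.escape(headers.get("User-Agent", ""), quote=True)
    return f"<p>Your browser: {ua}</p>"


# Characters that change meaning once a header lands inside HTML.
_HTML_SIGNIFICANT = re.compile(r'[<>"\']')


def flag_suspicious_user_agents(headers_list):
    """Return User-Agent values that contain HTML-significant characters.

    Useful as a log-review check on any endpoint that reflects the header
    (stats pages, "your browser" banners, error pages).
    """
    return [
        h.get("User-Agent", "")
        for h in headers_list
        if _HTML_SIGNIFICANT.search(h.get("User-Agent", ""))
    ]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print("vulnerable:", render_vulnerable(h))
        print("safe:      ", render_safe(h))
    print("flagged:", flag_suspicious_user_agents(SAMPLE_HEADERS))
```

Because the browser only sends the User-Agent of its own user, the vulnerable form is a self-XSS unless a server log viewer or another client renders the stored value; the escaping fix covers both cases.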