[WEB SECURITY] Exploiting User-Agent XSS

Atul Agarwal atul at secfence.com
Tue May 31 09:29:10 EDT 2011


Thanks guys for the help.

@Rohit : Thanks a lot for the scenario, but I was looking for a real life
scenario.

@Mustlive as Michal said, if you have a method to inject arbitrary headers
into cross-domain requests, we will all be very glad to hear about that!

Thanks,
Atul Agarwal
Secfence Technologies
http://www.secfence.com



On Tue, May 31, 2011 at 5:23 AM, Michal Zalewski <lcamtuf at coredump.cx>wrote:

> > It's not working in new versions of flash plugin, but it's working in
> older
> > versions. So no need to fully forget about it.
>
> There are many RCE and UXSS vulnerabilities in outdated Flash plugins;
> there is no way you can protect such users.
>
> > 3. Other advanced methods. Among them there is also such one as using of
> JS.
> > Even if other guys told you, that there is no possibility via JS, it's
> not
> > true - there is such way (which works in some browsers). I know about
> such
> > method from 2004 and at that time I wrote about it at one my site
> > (concerning not security purposes) and I tested this method in modern
> > versions of those browsers.
>
> Please do share. If you know a way to inject U-A headers into
> cross-domain requests, it would certainly be considered a browser bug
> - and would likely be addressed swiftly.
>
> /mz
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110531/29ab4fd3/attachment-0003.html>


More information about the websecurity mailing list