August 12th, 2005, 10:25 PM
Consider this code:
August 13th, 2005, 12:39 AM
You can spoof the UA simply from the webbrowser. IE won't allow you to change it but other browsers (like FireFox) allow you to adjust the user agent. That would mean that the UA could be used for script-code insertion...
But in this case you're only echoing the value of a string value. I don't think that would lead to the execution of code. However, if this was part of some SQL query, there could be a risk there...
August 13th, 2005, 09:52 AM