Results 1 to 3 of 3

Thread: User-Agent XSS

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Hybrid Mode
- Switch to Threaded Mode

Hybrid View

August 12th, 2005, 09:25 PM #1
Soda_Popinsky

View Profile

View Forum Posts

Visit Homepage
Join Date

Nov 2003

Posts

1,426
User-Agent XSS

Consider this code:

PHP Code:

<?php echo $_SERVER['HTTP_USER_AGENT']; ?>

Are there any simple means of exploiting this via XSS w/ Javascript? I'm looking for some neat javascript that would prove it... any help would be appreciated. I've been looking at Javascripts that can make GETs, but I need a simple method to forge HTTP headers, which I've been unable to find.

Thanks!

edit:
In this case, the user agent is not stored in any database, meaning the victim's UA would have to be spoofed somehow, probably w/ javascript.
Reply With Quote

Quick Navigation Web Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: User-Agent XSS

Thread Tools

Display

Hybrid View

User-Agent XSS

Posting Permissions