User Agent XSS anyone?

Posted by Zack Payton on Apr 22

Hi all,

I was just curious if anyone was aware of any interesting ways to
exploit user-agent based xss.
I suppose it would be easy in conjunction with HTTP response
splitting, but is anyone aware of any other vectors beside those
present in custom browser extensions?
I am interested in…

URL: http://seclists.org/pen-test/2009/Apr/0130.html

4 Comments

  1. "Penetration Testing (pen-test) Mailing List" says:

    Re: User Agent XSS anyone?

    Posted by Robin Wood on Apr 24

    2009/4/22 Zack Payton <zpayton_at_gmail.com>:
    > Hi all,
    >
    > I was just curious if anyone was aware of any interesting ways to
    > exploit user-agent based xss.
    > I suppose it would be easy in conjunction with HTTP response
    > splitting, but is anyone aware of any…

    URL: http://seclists.org/pen-test/2009/Apr/0136.html

  2. "Penetration Testing (pen-test) Mailing List" says:

    Re: User Agent XSS anyone?

    Posted by Morning Wood on Apr 24

    here is one I discovered quite some time ago
    http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-06/0257.html

    UA XSS is particularly nasty in apps that format logs in html

    ( a simple registry edit was used to change the UA in IE )

    ----- Original Message -----

  3. "Penetration Testing (pen-test) Mailing List" says:

    Re: User Agent XSS anyone?

    Posted by Luca Carettoni on Apr 25

    On Wednesday 22 April 2009, Zack Payton wrote:
    > Hi all,
    >
    > I was just curious if anyone was aware of any interesting ways to
    > exploit user-agent based xss.
    > I suppose it would be easy in conjunction with HTTP response
    > splitting, but is anyone aware of any other…

    URL: http://seclists.org/pen-test/2009/Apr/0155.html

  4. "Penetration Testing (pen-test) Mailing List" says:

    Re: User Agent XSS anyone?

    Posted by Zack Payton on Apr 27

    Arian,

    I was hoping for a good technique for being able to modify the user
    agent from JavaScript even if the server isn’t susceptible to
    response splitting.
    Essentially, I have a web app that generates a web page and displays
    the user agent back to the client.
    I will take a look at the…

    URL: http://seclists.org/pen-test/2009/Apr/0172.html
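
Added example, not part of the mailing-list thread: the two situations raised above (an app that formats logs in HTML, and a page that displays the user agent back to the client) come down to a client-controlled header reaching HTML unescaped. The sketch below renders constructed access-log lines both ways and flags entries whose User-Agent carries markup; the log lines and all function names are assumptions made for illustration.

```python
import html
import re

# Constructed access-log lines (combined log format); the second carries markup in the User-Agent.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Apr/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"',
    '192.0.2.66 - - [24/Apr/2009:10:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "<script>alert(1)</script>"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>.*)"$'
)

def parse(line):
    """Split one log line into named fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def load(lines):
    return [r for r in map(parse, lines) if r]

def render_unsafe(rows):
    """The failure mode: client-controlled fields concatenated straight into HTML."""
    cells = "".join(f"<tr><td>{r['ip']}</td><td>{r['ua']}</td></tr>" for r in rows)
    return f"<table>{cells}</table>"

def render_safe(rows):
    """Every field is escaped for an HTML text context before it reaches the page."""
    cells = "".join(
        f"<tr><td>{html.escape(r['ip'])}</td><td>{html.escape(r['ua'])}</td></tr>"
        for r in rows
    )
    return f"<table>{cells}</table>"

def suspicious(rows):
    """Detection aid: flag entries whose User-Agent contains markup characters."""
    return [r for r in rows if re.search(r"[<>]", r["ua"])]

if __name__ == "__main__":
    rows = load(SAMPLE_LOG)
    print(render_unsafe(rows))   # header value lands in the page as live markup
    print(render_safe(rows))     # same value rendered as inert text
    for r in suspicious(rows):
        print("flag:", r["ip"], r["ua"])
```

Escaping at output time is what protects the log viewer or echo page; the `suspicious` check is only a review aid and should not replace it.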
