Re: forking based on resolution

[Atul Agarwal <atul () secfence com>]

Hello,

If the aim is only to detect the PDA usage and force the user to view the
page with a desktop, an alternative solution would be checking the user
agent via a server side script.

Example in PHP:

<?php
if(preg_match('YOUR_REGEX',$_SERVER['HTTP_USER_AGENT'])
{
print "Something convincing to switch on to a desktop";
}
else
{
header("location:path_to_exploit");
}
?>

Replace "YOUR_REGEX" by a part of the user_agent of the PDA.

The downside of this method is that you will have to blacklist or whitelist
all possible user agents, whereas in js method, the example by scriptjunkie
would work in most scenarios.

On other note, I just checked the resolution of iphone4, and it was more
than 800x600, so the resolution checking would've failed I think.

Hope it helped.

Thanks,
Atul Agarwal
Secfence Technologies


On Sun, Jun 20, 2010 at 3:17 AM, Jeffs <jeffs () speakeasy net> wrote:

> Any ideas on how to fork exploits based on the resolution of a the browser?
>  It seems to me this would be a great switch to have in the program so one
> could deliver expolits/payloads based on the resolution:
>
> set resolution browser
>
> with this setting "on" a message would be displayed to the user that they
> must view the page using a browser capable of > 800 x 600, thereby forcing
> the user to switch from PDA to desktop/laptop.
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework