Penetration Testing mailing list archives

Re: User Agent XSS anyone?

From: Robin Wood <dninja () gmail com>
Date: Fri, 24 Apr 2009 01:01:41 +0100

2009/4/22 Zack Payton <zpayton () gmail com>:

Hi all,

I was just curios if anyone was aware of any interesting ways to
exploit user-agent based xss.
I suppose it would be easy in conjunction with HTTP response
splitting, but is anyone aware of any other vectors beside those
present in custom browser extensions?
I am interested in hearing about all vectors though, even those in
custom browser extensions.


I've seen visitor log viewers that display the UA, if they don't
sanitize the output correctly then you could get persistent XSS in
through that. At that point it is the same as any other XSS.

Robin

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? 
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------

Current thread:

User Agent XSS anyone? Zack Payton (Apr 23)
- Re: User Agent XSS anyone? Robin Wood (Apr 23)
- Re: User Agent XSS anyone? Morning Wood (Apr 26)
- Re: User Agent XSS anyone? Luca Carettoni (Apr 26)
- Message not available
  - Re: User Agent XSS anyone? Zack Payton (Apr 27)