XSS And Headers...

["lok lok" <itslok () hotmail com>]

There used to be alot of discussion about XSS, cross-site scripting where 
you can insert html into pages that are viewed by many ppl and steal info...

most of these sites (e.g. a bulletin board) have been updated to protect 
this behaviour...

however, i've noticed that many do not cover headers..

e.g.

HTTP_USER_AGENT may be logged or stored somewhere when you sign-up to 
website "abc". The administrator, or whoever will check over your account 
and see your browser type...

normally it would contain something like... Mozilla/4.0 (compatible; MSIE 
6.0; Windows NT 5.1; .NET CLR 1.0.3705)
..

but with a proxy prog (i use proxomitron) you can change it to whatever you 
like..

for example: <img src="x.jpg" 
onError="this.src='steal.cgi?document.cookie';">

and if the site logs it, you just got the administrators password:)

Now, im yet to come across any sites that this works on because i just 
thought of it this afternoon but let me know if it works:) in any case, a 
lot of sites would log/store this kind of information so it should be fixed.




_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx