Saturday, October 17, 2009

Cross Site Scripting (XSS) at User-Agent

Upon following-up the Honeypot project from WASC (WASC Distributed Open Proxy Honeypot), we were faced with a post by Ryan Barnett with comments about use of cross site scripting tags (XSS) in the de User-Agent heading (WASC Distributed Open Proxy Honeypot Update - XSS in User-Agent Field - http://tacticalwebappsec.blogspot.com/2009/08/wasc-distributed-open-proxy-honeypot.html )

We were curious as to know what we could obtain as a benefit in using this type of attack.

Initially, we have modified our User-Agent to:

Read more: Cross Site Scripting (XSS) at User-Agent

1 comment:

Viral said...

I'll be honest, this is nothing new.
If they're just now getting into this
they're well, behind in the times.
This was discovered sometime ago.