[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C5BAABE9D0419D4EA0335A4DCC8B9519273C@suka.zaebiz.com>
From: rst at zaebiz.com (rst)
Subject: IE
The browser version could be checked using Jscript.
<script language="JScript">
alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigato
r.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent);
</script>
Run script above and feel happy.
Basically - you can setup the firewall to filter the user-agent like
strings (Not only in headers).
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of nicolas
vigier
Sent: Monday, July 19, 2004 3:47 PM
To: Ill will
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE
On Sun, 18 Jul 2004, Ill will wrote:
> "user-agent contains very little _sensitive_ info"
>
> user agents could be used for exploits.. like redirecting the browser
> to whatever exploit page by the definition of what browser is
> connecting to it etc.. so it would be a good idea for some people to
> conseal what type of browser is defined in the headers
And you can feel safe with that ? Someone can put an exploit on a page
without checking your browser before.
The real solution is to use a browser with no known vulnerability (and
that's better if it didn't have a lot in the past), not to try to hide
what you are using.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists