| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rst at zaebiz.com (rst) Subject: IE The browser version could be checked using Jscript. <script language="JScript"> alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigato r.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent); </script> Run script above and feel happy. Basically - you can setup the firewall to filter the user-agent like strings (Not only in headers). -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of nicolas vigier Sent: Monday, July 19, 2004 3:47 PM To: Ill will Cc: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] IE On Sun, 18 Jul 2004, Ill will wrote: > "user-agent contains very little _sensitive_ info" > > user agents could be used for exploits.. like redirecting the browser > to whatever exploit page by the definition of what browser is > connecting to it etc.. so it would be a good idea for some people to > conseal what type of browser is defined in the headers And you can feel safe with that ? Someone can put an exploit on a page without checking your browser before. The real solution is to use a browser with no known vulnerability (and that's better if it didn't have a lot in the past), not to try to hide what you are using. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists