
RE: [Full-Disclosure] IE



The browser version could be checked using JScript.
<script language="JScript">
alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigator.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent);
</script>
Run the script above and feel happy.
Basically - you can set up the firewall to filter the user-agent-like
strings (not only in headers).



-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of nicolas
vigier
Sent: Monday, July 19, 2004 3:47 PM
To: Ill will
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] IE

On Sun, 18 Jul 2004, Ill will wrote:

> "user-agent contains very little _sensitive_ info"
> 
> user agents could be used for exploits.. like redirecting the browser
> to whatever exploit page by the definition of what browser is
> connecting to it etc.. so it would be a good idea for some people to
> conceal what type of browser is defined in the headers

And you can feel safe with that? Someone can put an exploit on a page
without checking your browser before.
The real solution is to use a browser with no known vulnerability (and
that's better if it didn't have a lot in the past), not to try to hide
what you are using.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
