Once you see the title, you might already know what this article is about. Yeah! Injecting some candies into your browser's User-Agent might launch an XSS attack. Here's how to do it:
For those who don't know how to change the User Agent information:
To change the User Agent string, just enter about:config as an address in the address bar of Firefox. Now press the right mouse button to get the context menu and select "String" from the menu entry "New". Enter the preference name "general.useragent.override", without the quotes. Next, enter the new User Agent value you want Mozilla Firefox to use. (You can also use a Firefox plugin to do this.)
This is where XSS (Cross Site Scripting) plays its role. You might enter this:
<script>alert(/XSS/);</script>
Then visit the page you want to test and see what happens.
Here is an example vulnerable site for you: http://www.quirksmode.org/js/detect.html
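Why the test string above executes on such a page, and how to stop it, as an added example that is not part of the original post: a hypothetical Node.js page that echoes the User-Agent header, first unescaped and then HTML-encoded on output. The function names and sample headers are assumptions made for illustration.

```javascript
// Added example: a hypothetical "your browser" page, not code from any real site.

// Vulnerable: the header value is concatenated straight into the HTML,
// so any markup inside it is parsed by the visitor's browser.
function renderUnsafe(headers) {
  const ua = headers['user-agent'] || 'unknown';
  return '<p>Your browser: ' + ua + '</p>';
}

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: treat the header as untrusted input, cap its length,
// and encode it at the point of output.
function renderSafe(headers) {
  const ua = String(headers['user-agent'] || 'unknown').slice(0, 256);
  return '<p>Your browser: ' + escapeHtml(ua) + '</p>';
}

// Constructed sample requests: a normal browser and the overridden value from the article.
const normal = {
  'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0',
};
const overridden = { 'user-agent': '<script>alert(/XSS/);</script>' };

console.log(renderUnsafe(overridden)); // script tag reaches the page intact
console.log(renderSafe(overridden));   // script tag is shown as inert text
console.log(renderSafe(normal));       // ordinary values are unchanged
```

The same encoding step applies wherever a stored User-Agent is displayed later, such as a visitor statistics page.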




Fun hack
No results or no action actually? Maybe no action!!
I've heard that we could launch an SQL injection attack through the User-Agent too, any idea about it?
Yeah, it can only succeed when the site / board stores its visitors' user-agent information without sanitizing it. That's kinda rare.
By the way we can also do some SQL Injection through cookies. The mechanism is the same as how user-agent SQL Injection works bro..
[...] so do RFIs. If not, I’ll write about it some other time. In Zoiz’ advisory page here: http://zoiz.web.id/xss-corner/useragent-xss.html or http://th0r.info/?p=77, he showed us that User Agent data from the browser, in this practice, [...]
Hi all!
If you want to move the victim to your page:
document.location=”yoursite”;
should be your agent…this is a cool thing
Andrew
Just an xss test.
just an xss test
<alert(“XSS”);//<