RE: [Full-Disclosure] IE

From: rst (rst_at_zaebiz.com)
Date: 07/21/04

    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 21 Jul 2004 12:41:15 +0400
    
    

    The browser version could be checked using JScript.
    <script language="JScript">
    alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigator.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent);
    </script>
    Run script above and feel happy.
    Basically - you can set up the firewall to filter the user-agent-like
    strings (Not only in headers).

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of nicolas
    vigier
    Sent: Monday, July 19, 2004 3:47 PM
    To: Ill will
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] IE

    On Sun, 18 Jul 2004, Ill will wrote:

    > "user-agent contains very little _sensitive_ info"
    >
    > user agents could be used for exploits.. like redirecting the browser
    > to whatever exploit page by the definition of what browser is
    > connecting to it etc.. so it would be a good idea for some people to
    > conceal what type of browser is defined in the headers

    And you can feel safe with that? Someone can put an exploit on a page
    without checking your browser before.
    The real solution is to use a browser with no known vulnerability (and
    that's better if it didn't have a lot in the past), not to try to hide
    what you are using.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


