Home > Others

User Agent Cross-site attack

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

See someone posting to consult this question http://zone.wooyun.org/content/17658

I'm just going to take the case that refer was executed and I had a lot of cases

Usually on the internet we can also modify the browser user-agent and visit any website with your designated refer

Long-term so the internet you will have an unexpected harvest, my browser user-agent has been an XSS code

In addition to the statistics site, some sites will collect this information, especially mobile app, mobile phone model, serial number, version number, etc. will be collected
All of these places can be added to our XSS code
I have a number of success stories, successful XSS to some app vendors

Modify the/system/build.prop file is OK, the pro-test changes will not affect the normal use of the phone
But it's best to change the previous backup

buildinfo.sh #以下内容由脚本在编译时自动产生 ro.build.id=grj90 #build的标识, typically generated without modification at compile time ro.build.display.id=10hx2p.095h.120105.ad2 _3_5_v3. WVGAC_EN.COM_V01_3G #显示的标识, can be arbitrarily modified, displayed as a version of mobile phone information, many people modified into Dual Core 1.2GHz 756M ROM + 1G RAM (installed B) ro.build.version.increme ntal=eng.yanwj.1325834016 #版本的增加说明, generally do not show and do not need to modify ro.custom.build.version=1325834016 #版本修正, generally do not show and no need to modify Ro.build.ver sion.sdk=10 #系统编译时, use the SDK version, do not modify. Ro.build.version.codename=rel #版本编码名称, generally do not show or need to modify the ro.build.version.release=2.3.5 #公布的版本, displayed as a system version of mobile phone information, someone modified to 4. 0.5 (what is the highest official version?) Ro.build.date=fri Jan 6 15:16:19 CST #系统编译的时间, there is no need to modify the ro.build.date.utc=1325834179 #系统编译的时间 (digital version), there is no need to modify the Ro.build.type=user #系统编译类型, generally do not show and do not need to modify the Ro.build.user=uncle #系统用户名, can be modified to their own name Ro.build.host=ubuntu #系 System hostname, casually a name, the English letter means Ro.build.tags=test-keys #系统标记, meaningless, do not modify ro.product.model=hd7s #机器型号, as you create, you can call HD7 plus Android Ro.pro DUCT.BRAND=HTC #机器品牌, as you create, you can call SB HTC ro.product.name=pyramid #机器名, with you to create Ro.product.device=pyrAmid #设备名, create Ro.product.board=pyramid #主板名 with you

User Agent Cross-site attack

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
cross site scripting attack example user agent cross site scripting xss attack lab what is cross site scripting attack examples what is cross site scripting attack noscript detected potential cross site scripting attack 3 what is reflective cross site scripting attack

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More