Is it possible in a Real world scenario to exploit this type of XSS, I'm injecting the payload in the User agent header and it is executed on it's response page. Can I craft this request such that the victim gets the changed User agent header with the request?
Asked
Active
Viewed 2,229 times
1
-
It would have to be stored, not reflected, if you want to exploit someone other than yourself. – Anders Jan 10 '18 at 14:16