Friday, July 7, 2017

Restrict Device Access [BWAPP]

In this bug, any domain can perform two-way interaction with this app, which is a high security risk: you can change the HTTP/Build Info headers in the User-Agent.

Every Apple mobile device (iPhone, iPad or iPod) uses a User-Agent that contains both 'Mobile' and 'Safari' and always looks like this:
--> Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; de-de) AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11 <--

You can try changing the User-Agent setting and gain access to the app.
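To make the weakness concrete, here is an added example (my own code, not bWAPP's) that models a device gate built on the 'Mobile' and 'Safari' User-Agent check the post describes, runs it over constructed sample headers, and contrasts it with a gate that relies on a server-issued device token (the `X-Device-Token` header name and the token registry are assumptions for the example).

```python
# Added example, not bWAPP's own code: a User-Agent based device gate beside a
# token based one, to show which decision rests on client-supplied data.
import hashlib
import hmac
import secrets

# Constructed sample User-Agent strings. The first is the one quoted in the post.
SAMPLE_UAS = {
    "iphone_from_post": "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; de-de) "
                        "AppleWebKit/528.18 (KHTML, like Gecko) Mobile/7D11",
    "ipad_safari": "Mozilla/5.0 (iPad; CPU OS 9_3 like Mac OS X) AppleWebKit/601.1 "
                   "(KHTML, like Gecko) Version/9.0 Mobile/13E233 Safari/601.1",
    "desktop_firefox": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) "
                       "Gecko/20100101 Firefox/54.0",
}


def ua_looks_like_apple_mobile(user_agent: str) -> bool:
    """The check the post describes: both 'Mobile' and 'Safari' must appear."""
    return "Mobile" in user_agent and "Safari" in user_agent


def weak_device_gate(headers: dict) -> str:
    """Access decision that depends only on a header the client chooses.
    Note that the post's own iPhone string lacks 'Safari', so this gate
    denies a genuine device while admitting any client that edits the header."""
    return "allowed" if ua_looks_like_apple_mobile(headers.get("User-Agent", "")) else "denied"


# Server-side registry of enrolled devices: sha256(token) -> label (constructed).
DEVICE_TOKENS: dict = {}


def enroll_device(label: str) -> str:
    """Issue a random per-device token once, over an authenticated channel,
    and keep only its hash on the server."""
    token = secrets.token_urlsafe(32)
    DEVICE_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = label
    return token


def hardened_device_gate(headers: dict) -> str:
    """Decision based on a secret the server issued; the User-Agent is
    treated as informational only (useful for logging, never for access)."""
    digest = hashlib.sha256(headers.get("X-Device-Token", "").encode()).hexdigest()
    # Constant-time comparison against every stored hash.
    if any(hmac.compare_digest(stored, digest) for stored in DEVICE_TOKENS):
        return "allowed"
    return "denied"
```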