is it possible to fake $_SERVER['HTTP_USER_AGENT'];

[otuatail]

I have just picked this up in a log

 

Sat 20-Feb-2010 17:21:12

201.82.194.38

Home

imqqvlifp0krgl0li0gffldkf dpca0ktbehh // This is a browser?

[PFMaBiSmAd]

$_SERVER['HTTP_USER_AGENT'] is just a header that is sent with the http request. It can be set to anything.

[Deoctor]

<?php
$_SERVER['HTTP_USER_AGENT']="Mendy";

echo $_SERVER['HTTP_USER_AGENT'];
?> 

[otuatail]

No your missing the point. When I get qa hit on my website, I retreive all the system variables and log them in a database.

$Browser = $_SERVER['HTTP_USER_AGENT'];

echo $Browser;

 

This is an incomming value. Not me making changes to it. This has come from another PC.

 

Desmond.

 

[otuatail]

This has come from another PC with the IP address of 201.82.194.38

Which acording to whatsmyipaddress.com is in the heart of the

U S OF A

 

Desmond.

 

[Mchl]

As said before, this can be set to anything.

Example: http://johnbokma.com/mexit/2004/04/24/changinguseragent.html

[PFMaBiSmAd]

The post by ym_chaitu was totally irrelevant to your question.

 

Do you have an actual problem you are trying to solve?

 

Best guess on the information you have posted so far is that someone was trying to feed your script an invalid value to see if it would trigger an error in your validation logic to see if that gives out information about your server or script or to see if it triggers a database error that would then indicate that sql could be injected through your code.

[otuatail]

Possibly. when I get this information it usualy tells me what version of windows the guy is using as well as what browser. It also shows up if it is a web robot like googlebot. It appears that it is possible to override this information to the server which is why I received

imqqvlifp0krgl0li0gffldkf dpca0ktbehh as a user agent.