Papers no image

Published on September 21st, 2011 📆 | 4091 Views ⚑


Bypassing Internet Explorer’s XSS Filter
Traps Of Gold – Defcon 2011

By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks. There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer’s ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.

Download PDF:

Tagged with:

Comments are closed.