Last night i was going through some security papers, then i have found a nice reaserch paper on bypassing Internet Explorer's XSS filter. “read more” By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks.
There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.
Read here
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf
There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.
Read here
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf
0 comments:
Post a Comment