Thursday, September 22, 2011 0 comments
How to bypass Internet Explorer's XSS filter
Last night i was going through some security papers, then i have found a nice reaserch paper on bypassing Internet Explorer's XSS filter.
By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks. There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks. This paper is covering three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.