How to bypass Internet Explorer's XSS filter

Home / XSS / How to bypass Internet Explorer's XSS filter

How to bypass Internet Explorer's XSS filter

Posted by Deepanker Verma Thursday, September 22, 2011 0 comments

How to bypass Internet Explorer's XSS filter

Last night i was going through some security papers, then i have found a nice reaserch paper on bypassing Internet Explorer's XSS filter.
By default Internet Explorer 9 has a security system to help prevent Reflective XSS attacks. There are well known shortfalls of this system, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks[1]. This paper is covering three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS. These are general attack patterns that are independent of Web Application platform.

Read here
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf