Friday, April 16, 2010

Abusing Internet Explorer 8's XSS Filters


Internet Explorer 8 implements an anti Cross-site Scripting (XSS) mechanism to detect certain types of XSS attacks. This feature can be abused by attackers in order to enable XSS on web sites and web pages that would otherwise be immune to XSS.


This information was presented @ Blackhat Europe by Eduardo Vela Nava (@sirdarckcat) and David Lindsay (@thornmaker)

The presentation slides and POCs can be found on their website....

No comments:

Post a Comment