Using POST method to bypass IE-browser protected XSS

Up until now,  XSS prevention has been built in some popular browsers: Chrome, Safrai and Internet Explorer 8+.

We found Chrome and Safari prevent both POST and GET-based XSS.

Unfortunately, IE does not prevent POST-based XSS.

Get-Based XSS filtered by IE XSS Filter



POST-based XSS unfiltered by IE XSS Filter


Comments

Popular posts from this blog

XSS: Gaining access to HttpOnly Cookie in 2012

Jumping out of Touch Screen Kiosks

HttpOnly Session ID in URL and Page Body | Cross Site Scripting