Bypassing Internet Explorer's XSS Filter

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 2 p.m. (20 minutes).

There is a known flaw in the built-in anti-reflective Cross Site Scripting filter in Microsoft’s Internet Explorer web browser. This is a flaw that Microsoft knows about- but has decided that it will not be fixed. Drop on by and learn a method for bypassing the anti-XSS filter in all versions of Microsoft’s Internet Explorer.

Presenters:

• Carlos Munoz
  Carlos still considers himself relatively new to the world of Information Security, coming from the field of Mechanical Drafting & Design. For the past three years he has focused on Web Application vulnerability assessment and light penetration testing.

Similar Presentations:

• GrrCON 2018 / w.e w.e Internet Explorer Does What It Wants
• BSidesLV 2014 / Oops, That Wasn't Suppossed To Happen: Bypassing Internet Explorer's Cross Site Scripting Filter
• Hackfest 2016 / XSS Auditor Bypass Workshop