Bypassing Internet Explorer's XSS Filter

Presented at ToorCon San Diego 16 (2014), Oct. 26, 2014, 2 p.m. (20 minutes)

There is a known flaw in the built-in anti-reflective Cross Site Scripting filter in Microsoft’s Internet Explorer web browser. This is a flaw that Microsoft knows about- but has decided that it will not be fixed. Drop on by and learn a method for bypassing the anti-XSS filter in all versions of Microsoft’s Internet Explorer.


  • Carlos Munoz
    Carlos still considers himself relatively new to the world of Information Security, coming from the field of Mechanical Drafting & Design. For the past three years he has focused on Web Application vulnerability assessment and light penetration testing.

Similar Presentations: