Advertisement
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter
Examining And Bypassing The IE8 XSS Filter

Check these out next

Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.
n|u - The Open Security Community
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
bugcrowd
04. xss and encoding
04. xss and encoding
Eoin Keary
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
adonatwork
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Ivan Ortega
Website Security
Website Security
MODxpo
Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)
Ritesh Raushan
Efficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template Engines
adonatwork
1 of 33

Examining And Bypassing The IE8 XSS Filter

Jul. 16, 2009
Download to read offline
Technology
Business

http://www.owasp.org/index.php?title=OWASP_AU_Conference_2009_Presentations#Alex_Kouzemtchenko

kuza55
Advertisement
Advertisement
Advertisement

Recommended

Same Origin Policy WeaknessesSame Origin Policy Weaknesses
Same Origin Policy Weaknesseskuza5510.1K views16 slides
Same Origin Policy WeaknessesSame Origin Policy Weaknesses
Same Origin Policy Weaknesseskuza559.3K views51 slides
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei5K views41 slides
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE6.4K views84 slides
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & DefenseBlueinfy Solutions3.9K views50 slides
How To Detect XssHow To Detect Xss
How To Detect XssFerruh Mavituna5.6K views27 slides

More Related Content

Slideshows for you(20)

Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.
n|u - The Open Security Community158.3K views
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
bugcrowd7.8K views
04. xss and encoding04. xss and encoding
04. xss and encoding
Eoin Keary1.9K views
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
adonatwork2.4K views
Web Security - OWASP - SQL injection & Cross Site Scripting XSSWeb Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Ivan Ortega1.9K views
Website SecurityWebsite Security
Website Security
MODxpo444 views
Web application security for java (XSS,Session Fixation)Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)
Ritesh Raushan1.6K views
Efficient Context-sensitive Output Escaping for Javascript Template EnginesEfficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template Engines
adonatwork3.9K views
DEfcon15 XXE XXSDEfcon15 XXE XXS
DEfcon15 XXE XXS
pentest pentest1.3K views
Vulnerable Active Record: A tale of SQL Injection in PHP FrameworkVulnerable Active Record: A tale of SQL Injection in PHP Framework
Vulnerable Active Record: A tale of SQL Injection in PHP Framework
Pichaya Morimoto9.8K views
Dom based xssDom based xss
Dom based xss
Lê Giáp3K views
When Ajax Attacks! Web application security fundamentalsWhen Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentals
Simon Willison5.6K views
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the Wire
Rob Ragan15K views
Lie to Me: Bypassing Modern Web Application FirewallsLie to Me: Bypassing Modern Web Application Firewalls
Lie to Me: Bypassing Modern Web Application Firewalls
Ivan Novikov33.7K views
JSON SQL Injection and the Lessons LearnedJSON SQL Injection and the Lessons Learned
JSON SQL Injection and the Lessons Learned
Kazuho Oku37.8K views
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
Rob Ragan13.8K views
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without Fighting
Rob Ragan2K views
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
beched3.3K views
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012
Abraham Aranguren2.6K views
XSS Primer - Noob to Pro in 1 hourXSS Primer - Noob to Pro in 1 hour
XSS Primer - Noob to Pro in 1 hour
snoopythesecuritydog1.6K views

Viewers also liked(6)

XSSフィルターを利用したXSS攻撃 by Masato KinugawaXSSフィルターを利用したXSS攻撃 by Masato Kinugawa
XSSフィルターを利用したXSS攻撃 by Masato Kinugawa
CODE BLUE7.6K views
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
Masato Kinugawa38.7K views
X-XSS-Nightmare: 1; mode=attack ~XSSフィルターを利用したXSS攻撃~X-XSS-Nightmare: 1; mode=attack ~XSSフィルターを利用したXSS攻撃~
X-XSS-Nightmare: 1; mode=attack ~XSSフィルターを利用したXSS攻撃~
Masato Kinugawa21K views
SecurityCamp2015「バグハンティング入門」SecurityCamp2015「バグハンティング入門」
SecurityCamp2015「バグハンティング入門」
Masato Kinugawa31.6K views
キーワード駆動テストチュートリアルハンズアウト.03.06キーワード駆動テストチュートリアルハンズアウト.03.06
キーワード駆動テストチュートリアルハンズアウト.03.06
Toru Koido10.1K views
HTTP HOST header attacksHTTP HOST header attacks
HTTP HOST header attacks
DefconRussia18.6K views
Advertisement

Similar to Examining And Bypassing The IE8 XSS Filter(20)

Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
Rob Ragan6.6K views
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
abhijitapatil9.6K views
Owasp top 10_openwest_2019Owasp top 10_openwest_2019
Owasp top 10_openwest_2019
Sean Jackson218 views
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar648 views
Prevoty NYC Java SIG 20150730Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730
chadtindel783 views
Sandboxing JS and HTML. A lession LearnedSandboxing JS and HTML. A lession Learned
Sandboxing JS and HTML. A lession Learned
Minded Security1.9K views
XSS filter on Server sideXSS filter on Server side
XSS filter on Server side
cuteboysmith1.7K views
Unusual Web BugsUnusual Web Bugs
Unusual Web Bugs
amiable_indian7K views
Web BugsWeb Bugs
Web Bugs
Dr Rushi Raval673 views
Meetup DotNetCode Owasp Meetup DotNetCode Owasp
Meetup DotNetCode Owasp
dotnetcode110 views
Security AwarenessSecurity Awareness
Security Awareness
Lucas Hendrich96 views
Security In PHP ApplicationsSecurity In PHP Applications
Security In PHP Applications
Aditya Mooley1.7K views
Web Application SecurityWeb Application Security
Web Application Security
Abdul Wahid48.8K views
React security vulnerabilitiesReact security vulnerabilities
React security vulnerabilities
AngelinaJasper78 views
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript Developers
Lewis Ardern1.1K views
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web Apps
Frank Kim4.8K views
Ultimate xssUltimate xss
Ultimate xss
ARahim Özel2.6K views
Web application attacksWeb application attacks
Web application attacks
hruth56.2K views
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threat
Romanian Cyber Conference1.1K views
Javascript SecurityJavascript Security
Javascript Security
jgrahamc13.1K views

Recently uploaded(20)

Cloud-Native & Sustainability: How and Why to Build Sustainable WorkloadsCloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Nico Meisenzahl0 views
Do Reinvent the Wheel - Nov 2021 - DigiNext.pdfDo Reinvent the Wheel - Nov 2021 - DigiNext.pdf
Do Reinvent the Wheel - Nov 2021 - DigiNext.pdf
Hamidreza Soleimani0 views
Swarm Intelligence Applications in Unmanned Aerial Vehicles.pdfSwarm Intelligence Applications in Unmanned Aerial Vehicles.pdf
Swarm Intelligence Applications in Unmanned Aerial Vehicles.pdf
AswathiM280 views
Introduction to Virtualization.pptxIntroduction to Virtualization.pptx
Introduction to Virtualization.pptx
latifdhalait0 views
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
ssuser4b1f480 views
What are the Reactjs PropertiesWhat are the Reactjs Properties
What are the Reactjs Properties
TutorialsFreak0 views
【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南
【本科生、研究生】英国利物浦约翰莫尔大学毕业证文凭购买指南
sutseu0 views
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
AnoopRamachandran130 views
architecture of android.pptxarchitecture of android.pptx
architecture of android.pptx
allurestore0 views
Raspberry pi presentation.pptxRaspberry pi presentation.pptx
Raspberry pi presentation.pptx
FrankAnthonyChin0 views
Space Hygiene.pdfSpace Hygiene.pdf
Space Hygiene.pdf
FerdiAfian12 views
Office 365 licensesOffice 365 licenses
Office 365 licenses
Princy Nadar0 views
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
#9 Calicut MuleSoft Meetup - Munits in Mule 4.pptx
JohnMathewPhilip0 views
【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南
【本科生、研究生】美国迈阿密大学牛津分校毕业证文凭购买指南
akuufux0 views
Spring_Boot_Microservices-5_Day_Session.pptxSpring_Boot_Microservices-5_Day_Session.pptx
Spring_Boot_Microservices-5_Day_Session.pptx
Prabhakaran Ravichandran0 views
ChIP-Sequencing ChIP-Sequencing
ChIP-Sequencing
Hajra Qayyum0 views
RC522 RFID Reader_Write For Arduino.pdfRC522 RFID Reader_Write For Arduino.pdf
RC522 RFID Reader_Write For Arduino.pdf
RoboDJ0 views
fis-cn all staff 8.19.19.pptxfis-cn all staff 8.19.19.pptx
fis-cn all staff 8.19.19.pptx
tamz3310 views
iotSportsgroupFINAL.pptxiotSportsgroupFINAL.pptx
iotSportsgroupFINAL.pptx
DeeJeeV0 views
Crewlogout OverviewCrewlogout Overview
Crewlogout Overview
livestimes0 views
Advertisement

Examining And Bypassing The IE8 XSS Filter

  1. Examining and Bypassing the IE8 XSS Filter Alex Kouzemtchenko [email_address]
  10. XSS Filter Logic Flow Flow Chart stolen from http://blogs.technet.com/swi/archive/2008/08/18/ie-8-xss-filter-architecture-implementation.aspx
  31. Examining and Bypassing the IE8 XSS Filter Alex Kouzemtchenko [email_address] Thanks to David Ross, et al for making something fun to play with
Advertisement