Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Since IE 8 has an XSS filter, is there really no way to exploit an XSS exploit using this browser? For example, a cookie stealer isn’t a threat to my site anymore?
(If you think this is not correct and you have a possible flaw in the filter, I’d like to know)
The XSS-Filter in IE8 can sure be beaten. It depends on the XSS-Vuln in the page whether it’s possible or not.
For example you can use weird encodings or a double XSS attack.
Edit:
This is an in-the-wild example of an XSS-Attack that would pass the IE8-Filter:
XSS on esrb.org