
Terence Eden’s Blog


The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)



This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from XSS. This is not the case.

Don't Press This Button

Pressing this button will send a POST request to the Department of…