The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)


This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request, and some webmasters seem to think that if their forms only use POST they will be immune to XSS. This is not the case.

Don't Press This Button: pressing this button will send a POST request to the Department of Education's EduBase website.

[Embedded demo form: a "Demonstrate XSS" button whose hidden fields carry the payload `alert('JavaScript XSS');`] …
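To make the point concrete, here is an added example (not code from the original post or from EduBase) of why the HTTP method is irrelevant: a server decodes a POST body with the same routine it uses for a GET query string, and what matters is whether the reflected value is HTML-encoded before it reaches the page. The sample body and the parameter name `q` are constructed for this illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed sample POST body (application/x-www-form-urlencoded), the kind of
# input a reflected-XSS test submits. It is not a captured request.
SAMPLE_POST_BODY = "q=%3Cscript%3Ealert%28%27JavaScript+XSS%27%29%3C%2Fscript%3E"


def parse_post_body(body: str) -> dict:
    """Decode a form-encoded body exactly as a server would.

    A GET query string and a POST body are decoded by the same function, so
    accepting only POST does nothing to the attacker-controlled value.
    """
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_vulnerable(params: dict) -> str:
    """Reflects the submitted value into the page without encoding (the bug)."""
    return f"<p>You searched for: {params.get('q', '')}</p>"


def render_fixed(params: dict) -> str:
    """Same page, but the value is HTML-encoded before it enters the markup."""
    safe = html.escape(params.get("q", ""), quote=True)
    return f"<p>You searched for: {safe}</p>"


def contains_active_markup(page: str) -> bool:
    """Crude detection check: is a raw <script> tag still present in the HTML?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    params = parse_post_body(SAMPLE_POST_BODY)
    print(render_vulnerable(params))  # script tag survives into the page
    print(render_fixed(params))       # rendered as harmless text
```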
