The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)
gove security Unsecured State xss · 5 comments · 500 words · Viewed ~1,499 times
This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from the XSS. This is not the case. Don't Press This Button Pressing this button will send a POST request to the Department of…
Continue reading →