Tuesday 14 December 2010

List of Web Hacking Techniques




  • iPhone SSL Warning and Safari Phishing


  • RFC 1918 Blues


  • Slowloris HTTP DoS


  • CSRF And Ignoring Basic/Digest Auth



  • Hash Information Disclosure Via Collisions - The Hard Way


  • Socket Capable Browser Plugins Result In Transparent Proxy Abuse


  • XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+


  • Session Fixation Via DNS Rebinding


  • Quicky Firefox DoS


  • DNS Rebinding for Credential Brute Force


  • SMBEnum


  • DNS Rebinding for Scraping and Spamming


  • SMB Decloaking


  • De-cloaking in IE7.0 Via Windows Variables


  • itms Decloaking


  • Flash Origin Policy Issues


  • Cross-subdomain Cookie Attacks


  • HTTP Parameter Pollution (HPP)


  • How to use Google Analytics to DoS a client from some website.


  • Our Favorite XSS Filters and how to Attack them


  • Location based XSS attacks


  • PHPIDS bypass


  • I know what your friends did last summer


  • Detecting IE in 12 bytes


  • Detecting browsers javascript hacks


  • Inline UTF-7 E4X javascript hijacking


  • HTML5 XSS


  • Opera XSS vectors


  • New PHPIDS vector


  • Bypassing CSP for fun, no profit


  • Twitter misidentifying context


  • Ping pong obfuscation


  • HTML5 new XSS vectors


  • About CSS Attacks


  • Web pages Detecting Virtualized Browsers and other tricks


  • Results, Unicode Left/Right Pointing Double Angel Quotation Mark


  • Detecting Private Browsing Mode


  • Cross-domain search timing


  • Bonus Safari XXE (only affecting Safari 4 Beta)


  • Apple's Safari 4 also fixes cross-domain XML theft


  • Apple's Safari 4 fixes local file theft attack


  • A more plausible E4X attack


  • A brief description of how to become a CA


  • Creating a rogue CA certificate


  • Browser scheme/slash quirks


  • Cross-protocol XSS with non-standard service ports


  • Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”


  • MD5 extension attack


  • Attack - PDF Silent HTTP Form Repurposing Attacks


  • XSS Relocation Attacks through Word Hyperlinking


  • Hacking CSRF Tokens using CSS History Hack


  • Hijacking Opera’s Native Page using malicious RSS payloads


  • Millions of PDF invisibly embedded with your internal disk paths


  • Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection


  • Pwning Opera Unite with Inferno’s Eleven


  • Using Blended Browser Threats involving Chrome to steal files on your computer


  • Bypassing OWASP ESAPI XSS Protection inside Javascript


  • Hijacking Safari 4 Top Sites with Phish Bombs


  • Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency


  • Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF


  • IE8 Link Spoofing - Broken Status Bar Integrity


  • Blind SQL Injection: Inference thourgh Underflow exception


  • Exploiting Unexploitable XSS


  • Clickjacking & OAuth


  • Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk


  • Active Man in the Middle Attacks


  • Cross-Site Identification (XSid)


  • Microsoft IIS with Metasploit evil.asp;.jpg


  • MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency


  • Generic cross-browser cross-domain theft


  • Popup & Focus URL Hijacking


  • Advanced SQL injection to operating system full control (whitepaper)


  • Expanding the control over the operating system from the database


  • HTML+TIME XSS attacks


  • Enumerating logins via Abuse of Functionality vulnerabilities


  • Hellfire for redirectors


  • DoS attacks via Abuse of Functionality vulnerabilities


  • URL Spoofing vulnerability in bots of search engines (#2)


  • URL Hiding - new method of URL Spoofing attacks


  • Exploiting Facebook Application XSS Holes to Make API Requests


  • Unauthorized TinyURL URL Enumeration Vulnerability
  • No comments:

    Post a Comment