Dec 17, 2010

Web Hacking Techniques

    1. iPhone SSL Warning and Safari Phishing
    2. RFC 1918 Blues
    3. Slowloris HTTP DoS
    4. CSRF And Ignoring Basic/Digest Auth
    5. Hash Information Disclosure Via Collisions - The Hard Way
    6. Socket Capable Browser Plugins Result In Transparent Proxy Abuse
    7. XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+
    8. Session Fixation Via DNS Rebinding
    9. Quicky Firefox DoS
    10. DNS Rebinding for Credential Brute Force
    11. SMBEnum
    12. DNS Rebinding for Scraping and Spamming
    13. SMB Decloaking
    14. De-cloaking in IE7.0 Via Windows Variables
    15. itms Decloaking
    16. Flash Origin Policy Issues
    17. Cross-subdomain Cookie Attacks
    18. HTTP Parameter Pollution (HPP)
    19. How to use Google Analytics to DoS a client from some website.
    20. Our Favorite XSS Filters and how to Attack them
    21. Location based XSS attacks
    22. PHPIDS bypass
    23. I know what your friends did last summer
    24. Detecting IE in 12 bytes
    25. Detecting browsers javascript hacks
    26. Inline UTF-7 E4X javascript hijacking
    27. HTML5 XSS
    28. Opera XSS vectors
    29. New PHPIDS vector
    30. Bypassing CSP for fun, no profit
    31. Twitter misidentifying context
    32. Ping pong obfuscation
    33. HTML5 new XSS vectors
    34. About CSS Attacks
    35. Web pages Detecting Virtualized Browsers and other tricks
    36. Results, Unicode Left/Right Pointing Double Angel Quotation Mark
    37. Detecting Private Browsing Mode
    38. Cross-domain search timing
    39. Bonus Safari XXE (only affecting Safari 4 Beta)
    40. Apple's Safari 4 also fixes cross-domain XML theft
    41. Apple's Safari 4 fixes local file theft attack
    42. A more plausible E4X attack
    43. A brief description of how to become a CA
    44. Creating a rogue CA certificate
    45. Browser scheme/slash quirks
    46. Cross-protocol XSS with non-standard service ports
    47. Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”
    48. MD5 extension attack
    49. Attack - PDF Silent HTTP Form Repurposing Attacks
    50. XSS Relocation Attacks through Word Hyperlinking
    51. Hacking CSRF Tokens using CSS History Hack
    52. Hijacking Opera’s Native Page using malicious RSS payloads
    53. Millions of PDF invisibly embedded with your internal disk paths
    54. Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
    55. Pwning Opera Unite with Inferno’s Eleven
    56. Using Blended Browser Threats involving Chrome to steal files on your computer
    57. Bypassing OWASP ESAPI XSS Protection inside Javascript
    58. Hijacking Safari 4 Top Sites with Phish Bombs
    59. Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
    60. Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
    61. IE8 Link Spoofing - Broken Status Bar Integrity
    62. Blind SQL Injection: Inference thourgh Underflow exception
    63. Exploiting Unexploitable XSS
    64. Clickjacking & OAuth
    65. Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
    66. Active Man in the Middle Attacks
    67. Cross-Site Identification (XSid)
    68. Microsoft IIS with Metasploit evil.asp;.jpg
    69. MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
    70. Generic cross-browser cross-domain theft
    71. Popup & Focus URL Hijacking
    72. Advanced SQL injection to operating system full control (whitepaper)
    73. Expanding the control over the operating system from the database
    74. HTML+TIME XSS attacks
    75. Enumerating logins via Abuse of Functionality vulnerabilities
    76. Hellfire for redirectors
    77. DoS attacks via Abuse of Functionality vulnerabilities
    78. URL Spoofing vulnerability in bots of search engines (#2)
    79. URL Hiding - new method of URL Spoofing attacks
    80. Exploiting Facebook Application XSS Holes to Make API Requests
    81. Unauthorized TinyURL URL Enumeration Vulnerability