Posts
1. Creating a rogue CA certificate
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger
2. HTTP Parameter Pollution (HPP)
Luca Carettoni, Stefano diPaola
3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack)
Thai Duong and Juliano Rizzo
4. Cross-domain search timing
Chris Evans
5. Slowloris HTTP DoS
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic - “Programming Model Attacks” section of Apache Security for describing the attack, but did not produce a tool)
6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)
Soroush Dalili
7. Exploiting unexploitable XSS
Stephen Sclafani
8. Our Favorite XSS Filters and how to Attack them
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)
9. RFC1918 Caching Security Issues
Robert Hansen
10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
Robert Hansen
2. HTTP Parameter Pollution (HPP)
Luca Carettoni, Stefano diPaola
3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack)
Thai Duong and Juliano Rizzo
4. Cross-domain search timing
Chris Evans
5. Slowloris HTTP DoS
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic - “Programming Model Attacks” section of Apache Security for describing the attack, but did not produce a tool)
6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)
Soroush Dalili
7. Exploiting unexploitable XSS
Stephen Sclafani
8. Our Favorite XSS Filters and how to Attack them
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)
9. RFC1918 Caching Security Issues
Robert Hansen
10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
Robert Hansen
Coming up at IT-Defense (Feb. 3 - 5) and RSA USA 2010 (Mar. 1 - 5) it will be my great honor to introduce each of the top ten during my “2010: A Web Hacking Odyssey” presentations. Each technique will be described in technical detail for how they work, what they can do, who they affect, and how best to defend against them. The opportunity provides a chance to get a closer look at the new attacks that could be used against us in the future.
The Complete List
- Persistent Cookies and DNS Rebinding Redux
- iPhone SSL Warning and Safari Phishing
- RFC 1918 Blues
- Slowloris HTTP DoS
- CSRF And Ignoring Basic/Digest Auth
- Hash Information Disclosure Via Collisions - The Hard Way
- Socket Capable Browser Plugins Result In Transparent Proxy Abuse
- XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+
- Session Fixation Via DNS Rebinding
- Quicky Firefox DoS
- DNS Rebinding for Credential Brute Force
- SMBEnum
- DNS Rebinding for Scraping and Spamming
- SMB Decloaking
- De-cloaking in IE7.0 Via Windows Variables
- itms Decloaking
- Flash Origin Policy Issues
- Cross-subdomain Cookie Attacks
- HTTP Parameter Pollution (HPP)
- How to use Google Analytics to DoS a client from some website.
- Our Favorite XSS Filters and how to Attack them
- Location based XSS attacks
- PHPIDS bypass
- I know what your friends did last summer
- Detecting IE in 12 bytes
- Detecting browsers javascript hacks
- Inline UTF-7 E4X javascript hijacking
- HTML5 XSS
- Opera XSS vectors
- New PHPIDS vector
- Bypassing CSP for fun, no profit
- Twitter misidentifying context
- Ping pong obfuscation
- HTML5 new XSS vectors
- About CSS Attacks
- Web pages Detecting Virtualized Browsers and other tricks
- Results, Unicode Left/Right Pointing Double Angel Quotation Mark
- Detecting Private Browsing Mode
- Cross-domain search timing
- Bonus Safari XXE (only affecting Safari 4 Beta)
- Apple's Safari 4 also fixes cross-domain XML theft
- Apple's Safari 4 fixes local file theft attack
- A more plausible E4X attack
- A brief description of how to become a CA
- Creating a rogue CA certificate
- Browser scheme/slash quirks
- Cross-protocol XSS with non-standard service ports
- Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”
- MD5 extension attack
- Attack - PDF Silent HTTP Form Repurposing Attacks
- XSS Relocation Attacks through Word Hyperlinking
- Hacking CSRF Tokens using CSS History Hack
- Hijacking Opera’s Native Page using malicious RSS payloads
- Millions of PDF invisibly embedded with your internal disk paths
- Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
- Pwning Opera Unite with Inferno’s Eleven
- Using Blended Browser Threats involving Chrome to steal files on your computer
- Bypassing OWASP ESAPI XSS Protection inside Javascript
- Hijacking Safari 4 Top Sites with Phish Bombs
- Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
- Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
- IE8 Link Spoofing - Broken Status Bar Integrity
- Blind SQL Injection: Inference thourgh Underflow exception
- Exploiting Unexploitable XSS
- Clickjacking & OAuth
- Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
- Active Man in the Middle Attacks
- Cross-Site Identification (XSid)
- Microsoft IIS with Metasploit evil.asp;.jpg
- MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
- Generic cross-browser cross-domain theft
- Popup & Focus URL Hijacking
- Advanced SQL injection to operating system full control(whitepaper)
- Expanding the control over the operating system from the database
- HTML+TIME XSS attacks
- Enumerating logins via Abuse of Functionality vulnerabilities
- Hellfire for redirectors
- DoS attacks via Abuse of Functionality vulnerabilities
- URL Spoofing vulnerability in bots of search engines (#2)
- URL Hiding - new method of URL Spoofing attacks
- Exploiting Facebook Application XSS Holes to Make API Requests
- Unauthorized TinyURL URL Enumeration Vulnerability
