Web Attacks

Account lockout attack

 

Argument Injection or Modification

 

Asymmetric resource consumption

 

Binary planting

 

Blind SQL Injection

 

Blind XPath Injection

 

Brute force attack

 

Buffer overflow attack

 

Cache Poisoning

 

Cash Overflow

 

ClickJacking

 

Code Injection

 

Command Injection

 

Comment Injection Attack

 

Content Security Policy

 

Content Spoofing

 

Cornucopia - Ecommerce Website Edition - Wiki Deck

 

CORS OriginHeaderScrutiny

 

CORS RequestPreflighScrutiny

 

Credential stuffing

 

Cross Frame Scripting

 

Cross Site History Manipulation (XSHM)

 

Cross Site Tracing

 

Cross User Defacement

 

Cross-Site Request Forgery (CSRF)

 

Cross-site Scripting (XSS)

 

Cross-User Defacement

 

Cryptanalysis

 

CSRF Attack

 

CSV Injection

 

Custom Special Character Injection

 

Custom Special Character Injection

 

Denial of Service

 

Direct Dynamic Code Evaluation (Eval Injection)

 

Direct Dynamic Code Evaluation ('Eval Injection')

 

Direct Static Code Injection

 

DoS

 

Double Encoding

 

Execution After Redirect (EAR)

 

Forced browsing

 

Form action hijacking

 

Format string attack

 

Full Path Disclosure

 

Function Injection

 

Guide to Avoiding RANSOMWARE Infections

 

HTTP Request Smuggling

 

HTTP Response Splitting

 

IDN homograph Attack

 

Code Injection

 

SQL Injection

 

Blind SQL Injection

 

XPath Injection

 

Blind XPath Injection

 

LDAP injection

 

Log Injection

 

Man in the browser attack

 

Man in the middle attack

 

Man-in-the-browser attack

 

Man-in-the-middle attack

 

Mobile code: object hijack

 

Mobile code: invoking untrusted mobile code

 

Mobile code: non-final public field

 

Mobile code: object hijack

 

Network Eavesdropping

 

One-Click Attack

 

Overflow Binary Resource File

 

OWASP Cornucopia

 

Page Hijacking

 

Parameter Delimiter

 

Parameter Delimiter

 

Path Manipulation

 

Path Traversal

 

Quantum Insert attack

 

Reflected DOM Injection

 

Regular expression Denial of Service - ReDoS

 

Relative Path Traversal

 

Repudiation Attack

 

Resource Injection

 

Reverse Tabnabbing

 

Server Side Includes (SSI) Inject

 

Server-Side Includes (SSI) Injection

 

Session fixation

 

Session hijacking attack

 

Session Prediction

 

Setting Manipulation

 

Special Element Injection

 

Spyware

 

SQL Attack

 

SQL Injection

 

Traffic flood

 

Trojan Horse

 

Unicode Encoding

 

URL Spoofing

 

Web based Attack

 

Web Parameter Tampering

 

Windows ::DATA alternate data stream

 

XPATH Injection

 

XPATH Injection Java

 

XSA

 

XSRF

 

XSS Attack

 

Xss in subtitle

(DOMinator) Finding DOMXSS with dynamic taint propagation

 

(Non-Persistent) Untraceable XSS Attacks

 

.Net Cross Site Scripting – Request Validation Bypassing

 

“ASPXErrorPath in URL” Technique in Scanning a .Net Web Application

 

0DAY: QuickTime pwns Firefox

Using Cookies For Selective DoS and State Detection

 

Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

 

Popup & Focus URL Hijacking

 

The curse of inverse strokejacking

 

Fooling B64_Encode(Payload) on WAFs and filters

 

 

CAPTCHA Hax With TesserCap

Web pages Detecting Virtualized Browsers and other tricks

 

Breaking into a WPA network with a webpage

 

Stroke triggered XSS and StrokeJacking

 

Poisoning proxy caches using Java/Flash/Web Sockets

 

How to Conceal XSS Injection in HTML5

 

Expanding the Attack Surface

 

Chronofeit Phishing

 

Non-Obvious (Crypto) Bugs by Example

 

SQLi filter evasion cheat sheet (MySQL)

 

XSHM Mark 2

 

A brief description of how to become a CA

 

A Different Opera 

 

A more plausible E4X attack

 

A story that diggs itself

 

A Twitter DomXss, a wrong fix and something more

 

Aaron Patterson – Serialized YAML Remote Code Execution

 

ABC News (AU) XSS linking the reporter to Al Qaeda

 

About CSS Attacks

 

Abusing CDNs with SSRF Flash and DNS

 

Abusing Flash-Proxies for client-side cross-domain HTTP requests

 

Abusing HTML 5 Structured Client-side Storage 

 

Abusing HTTP Status Codes to Expose Private Information

 

Abusing PHP Sockets

 

Abusing PHP Sockets (1, 2)

 

Abusing XSLT for Practical Attacks

 

Account Hijackings Force LiveJournal Changes

 

Active Man in the Middle Attacks

 

ActiveX Repurposing 

 

ActiveX Repurposing, (1, 2)

 

Additional Image Bypass on Windows

 

Adultspace XSS Worm

 

Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014) CVE-2014-1512

 

Advanced SQL injection to operating system full control

 

Advanced SQL injection to operating system full control (whitepaper)

 

Advanced Web Attack Techniques using GMail 

 

AIR Flash RCE from PWN2OWN

 

All Your Google Docs are Belong To US…

 

Angelo Prado, Neal Harris, Yoel Gluck – BREACH

 

Anonymizing RFI Attacks Through Google

 

Anti-DNS Pinning ( DNS Rebinding )

 

Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration 

 

Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH

 

Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning

 

Apache Struts ClassLoader Manipulation Remote Code Execution 

 

Apache Struts ClassLoader Manipulation Remote Code Execution and Blog Post

 

Apple's Safari 4 also fixes cross-domain XML theft

 

Apple's Safari 4 fixes local file theft attack

 

Arbitrary TCP over uploaded pages

 

Ashar Javad Attack against Facebook’s password reset process.

 

ASP.NET 'Padding Oracle' Crypto Attack

 

AT&T Hack Highlights Web Site Vulnerabilities 

 

Attack - PDF Silent HTTP Form Repurposing Attacks

 

Attack Surface for Project Spartan’s EdgeHTML Rendering Engine

 

Attacking CAPTCHAs for Fun and Profit

 

Attacking HTTPS with Cache Injection

 

Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)

 

Auto-Complete Hack by Hiding Filled in Input Fields with CSS

 

Autocomplete..again?!

 

Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem

 

Backdooring MP3 Files

 

Backdooring PDF Files

 

Backdooring QuickTime Movies

 

BEAST

 

Belkin Buffer Overflow via Web

 

BK for Mayor of Oak Tree View

 

Blended Threats and JavaScript

 

Blind SQL Injection: Inference through Underflow exception

 

Blind web server fingerprinting

 

Bonus Safari XXE (only affecting Safari 4 Beta)

 

Breaking Google Gears' Cross-Origin Communication Model 

 

Breaking HTTPS with BGP Hijacking

 

Breaking into a WPA network with a webpage

 

Browser Event Hijacking

 

Browser Port Scanning without JavaScript

 

Browser scheme/slash quirks

 

Browsers Anti-XSS methods in ASP (classic) have been defeated!

 

Browser's Ghost Busters

 

Bruteforce of PHPSESSID

 

Bruteforcing HTTP Auth in Firefox with JavaScript

 

Bruteforcing/Abusing search functions with no-rate checks to collect data

 

Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability

 

Building Subversive File Sharing With Client Side Applications

 

Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)

 

Bypass port blocking in Firefox, Opera and Konqueror.

 

Bypass Surgery

 

Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (1,2)

 

Bypassing CSP for fun, no profit

 

Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

 

Bypassing Filters With Encoding

 

Bypassing Flash’s local-with-filesystem Sandbox

 

Bypassing HTTP Basic Authentication in PHP Applications (** potential rediscovery of: HTExploit – Bypassing .htaccess restrictions **)

 

Bypassing Chrome’s Anti-XSS filter

 

Bypassing Mozilla Port Blocking

 

Bypassing NoCAPTCHA

 

Bypassing of web filters by using ASCII 

 

Bypassing OWASP ESAPI XSS Protection inside Javascript

 

Bypassing URL Authentication and Authorization with HTTP Verb Tampering

 

Canadian Beacon

 

CAPTCHA Hax With TesserCap

 

CAPTCHA Re-Riding Attack

 

Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter

 

Circumventing DNS Pinning for XSS

 

Clickjacking & OAuth

 

Clickjacking / Videojacking 

 

Clickjacking Rootkits for Android (2)

 

Client-side SQL Injection Attacks

 

Close encounters of the third kind (client-side JavaScript vulnerabilities)

 

CNNINC SSL MitM

 

Code Execution Through Filenames in Uploads

 

Code Execution via XSS

 

Code Execution via XSS (1)

 

Cody Collier – Exposing Verizon Wireless SMS History

 

Collecting Lots of Free 'Micro-Deposits'

 

Common localhost dns misconfiguration can lead to "same site" scripting

 

Compromising an unreachable Solr Serve

 

Content Smuggling

 

Content-Disposition Hacking

 

Converting unimplementable Cookie-based XSS to a persistent attack

 

Cookie Eviction

 

Cookie Path Traversal

 

Cookiejacking

 

Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID

 

Covert Timing Channels based on HTTP Cache Headers

 

Cracking hashes in the JavaScript cloud with Ravan

 

 

Cracking Ruby on Rails Sessions

 

Creating a rogue CA certificate

 

CRIME

 

Cross Context Scripting from within the Browser

 

Cross Domain Basic Auth Phishing Tactics

 

Cross domain content extraction with fake captcha

 

Cross Domain Leakage With Image Size

 

Cross Environment Hopping

 

Cross Site URL Hijacking by using Error Object in Mozilla Firefox

 

Cross-Browser Proxy Unmasking

 

Cross-domain leaks of site logins via Authenticated CSS 

 

Cross-domain search timing

 

Cross-protocol XSS with non-standard service ports

 

Cross-site File Upload Attacks

 

Cross-Site Identification (XSid)

 

Cross-Site Port Attacks

 

Cross-Site Printing (Printer Spamming)

 

Cross-subdomain Cookie Attacks

 

Crowd-sourcing mischief on Google Maps leads customers astray

 

Cryptophp Backdoor

 

CSRF And Ignoring Basic/Digest Auth

 

CSRF on Novell GroupWise WebAccess

 

CSRF token disclosure via iFRAME and CAPTCHA trickery 

 

CSRF with JSON – leveraging XHR and CORS

 

CSRF with MS Word

 

CSRF: Flash + 307 redirect = Game Over

 

CSRFing the uTorrent plugin

 

CSS :visited may be a bit overrated

 

CSS History Hack In Firefox Without JavaScript for Intranet Portscanning

 

CSS history hacking with evil marketing

 

CSS History Stealing Acts As Cookie

 

CSS-Only Clickjacking

 

CTA: The weaknesses in client side xss filtering targeting Chrome’s XSS Auditor

 

CUPS Detection

 

Cursorjacking again

 

De-cloaking in IE7.0 Via Windows Variables

 

Delta Boarding Pass Spoofing

 

Detecting browsers javascript hacks

 

Detecting Default Browser in IE

 

Detecting Firefox Extensions

 

Detecting IE in 12 bytes

 

Detecting Private Browsing Mode

 

Detecting Privoxy Users and Circumventing It

 

Detecting States of Authentication With Protected Images

 

Detecting users via Authenticated Redirects

 

DHCP Script Injection

 

Dialog Spoofing - Firefox Basic Authentication

 

Diminutive Worm, 161 byte Web Worm

 

DNS poisoning via Port Exhaustion

 

DNS Rebinding for Credential Brute Force

 

DNS Rebinding for Scraping and Spamming

 

DNS Rebinding on Java Applets

 

Dom Flow

 

DOMinator – Finding DOMXSS with dynamic taint propagation

 

DoS attacks via Abuse of Functionality vulnerabilities

 

Double eval() for DOM based XSS

 

Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)

 

Drupal 7 Core SQLi

 

eDellRoot

 

Effects of DNS Rebinding On IE’s Trust Zones

 

Embedding SVG That Contains XSS Using Base64 Encoding in Firefox

 

Encoding Filter Bypass 

 

Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII)

 

Enumerate Windows Users In JS

 

Enumerating logins via Abuse of Functionality vulnerabilities

 

Enumerating Through User Accounts

 

Eradicating DNS Rebinding with the Extended Same-Origin Policy

 

Evading All Web Application filters

 

Evading All* WAF XSS Filters

 

Evercookie

 

Exaggerating Timing Attack Results Via GET Flooding

 

Excel formula injection in Google Docs

 

Expanding the Attack Surface

 

Expanding the control over the operating system from the database

 

Expansions on FREAK attack

 

Expect Header Injection Via Flash

 

Exploitation of “Self-Only” Cross-Site Scripting in Google Code

 

Exploiting CSRF Protected XSS

 

Exploiting Facebook Application XSS Holes to Make API Requests

 

Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection

 

Exploiting Logged Out XSS Vulnerabilities

 

Exploiting Second Life

 

Exploiting the unexploitable XSS with clickjacking

 

Exploiting Unexploitable XSS

 

Exploiting XSS in Ajax Web Applications

 

Exploiting XSS vulnerabilities on cookies

 

Exploiting XXE in File Upload Functionality

 

Exponential XSS

 

Exponential XSS Attacks

 

Expression Language Injection

 

F5 and Acunetix XSS disclosure

 

Facebook hosted DDOS with notes app

 

Facebook: Memorializing a User

 

Father/Daughter Team Finds Valuable Facebook Bug

 

Favorites Gone Wild

 

File Download Injection

 

File Name Enumeration in Rails

 

File System API with HTML5 – Juice for XSS

 

FileCry

 

Filejacking: How to make a file server from your browser (with HTML5 of course)

 

Finding Weak Rails Security Tokens

 

Fireeye – Arbitrary reading and writing of the JVM process

 

Firefox 2 and WebKit nightly cross-domain image theft

 

Firefox cross-domain information theft (simple text strings, some CSV)

 

Firefox File Handling Woes

 

Firefox Header Redirection JavaScript Execution

 

Firefox Popup Blocker Allows Reading Arbitrary Local Files

 

Firefox XML injection into parse of remote XML

 

Firefox’s JAR: Protocol issues

 

Firefoxurl URI Handler Flaw

 

Flash Camera and Mic Remember Function and XSS

 

Flash clipboard Hijack

 

Flash Cookie Object Tracking

 

Flash Internet Explorer security model bug

 

Flash Origin Policy Issues

 

Flash Parameter Injection 

 

FlashFlood

 

Flickr's API Signature Forgery Vulnerability (MD5 extension attack)

 

Fooling B64_Encode(Payload) on WAFs and filters

 

Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”

 

Forging HTTP request headers with Flash

 

Formaction Scriptless attack updates

 

Frame Injection Fun

 

FREAK (Factoring attack on RSA-Export Keys)

 

Free MacWorld Platinum Pass? Yes in 2008!

 

Fun with data: URLs

 

Generic cross-browser cross-domain theft

 

Get Internal Network Information with Java Applets

 

GIFAR 

 

Gmail - Google Docs Cookie Hijacking through PDF Repurposing &PDF

 

Google Adsense CSRF hole

 

Google Docs puts Google Users at Risk

 

Google Dorks Strike Again

 

Google Drive SSO Phishing

 

Google GMail E-mail Hijack Technique

 

Google Hacks On Your Behalf

 

Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation

 

Google Chrome/ChromeOS sandbox side step via owning extensions

 

Google Indexes XSS

 

Google plugs phishing hole

 

Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk

 

Google Two-Factor Authentication Bypass

 

Google Urchin password theft madness

 

Google User De-Anonymization

 

Google Vulnerable Code Dork

 

Governator Hack

 

Gravatar Email Enumeration in JavaScript

 

Hacker scans the internet

 

Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)

 

Hacking CSRF Tokens using CSS History Hack

 

Hacking Facebook with HTML5

 

Hacking Intranets Through Web Interfaces

 

Hacking Intranets Via Brute Force

 

Hacking PayPal Accounts with 1 Click

 

Hacking RSS Feeds

 

Hacking without 0days: Drive-by Java

 

Hash Information Disclosure Via Collisions - The Hard Way

 

HashDOS: Effective Denial of Service attacks against web application platforms

 

Heartbleed

 

Hellfire for redirectors

 

Hidden XSS Attacking the Desktop & Mobile Platforms

 

Hiding JS in Valid Images

 

Hijacking Opera’s Native Page using malicious RSS payloads

 

Hijacking Safari 4 Top Sites with Phish Bombs

 

HikaShop Object Injection

 

HostGator: cPanel Security Hole Exploited in Mass Hack

 

Hostile Subdomain Takeover using Heroku/Github/Desk + more

 

Hostile Subdomain Takeover using Heroku/Github/Desk 

 

How Facebook lacked X-Frame-Options and what I did with it

 

How I hacked GitHub again

 

How I hacked Instagram to see your private photos

 

How I Hacked StackOverflow

 

How to Conceal XSS Injection in HTML5

 

How to defeat digg.com

 

How to get linked from Slashdot

 

How to get SQL query contents from SQL injection flaw

 

How To Own Every User On A Social Networking Site

 

How to upload arbitrary file contents cross-domain

 

How to upload arbitrary file contents cross-domain (2)

 

How to use Google Analytics to DoS a client from some website.

 

HOW TO: Spy on the Webcams of Your Website Visitors

 

HScan Redux

 

HTML/CSS Injections - Primitive Malicious Code

 

HTML+TIME XSS attacks

 

HTML5 Hard Disk Filler™ API

 

HTML5 new XSS vectors

 

HTML5 XSS

 

HTTP Parameter Pollution (HPP)

 

HTTP POST DoS

 

HTTP Proxies Bypass Firewalls

 

HTTP Response Splitting and Data: URI scheme in Firefox

 

Hunting ASynchronous Vulnerabilities

 

Hyperlink Spoofing and the Modern Web

 

Chrome addon hacking (2, 3, 4, 5)

 

Chrome and Safari users open to stealth HTML5 AppCache attack

 

Chronofeit Phishing

 

I know what your friends did last summer

 

I know what you've got (Firefox Extensions)

 

I know where you've been

 

I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)

 

IE "Print Table of Links" Cross-Zone Scripting Vulnerability

 

IE 7 and Firefox Browsers Digest Authentication Request Splitting

 

IE Sends Local Addresses in Referer Header

 

IE11 RCE

 

IE6.0 Protocol Guessing

 

IE7.0 Detector

 

IE8 Link Spoofing - Broken Status Bar Integrity

 

IE9 Self-XSS Blackbox Protection bypass

 

Iframe HTTP Ping

 

IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"

 

IIS6/ASP & file upload for fun and profit

 

illusoryTLS

 

Image Names Gone Bad

 

IMAP Vulnerable to XSS

 

Improving HTTPS Side Channel Attacks

 

Initiating Probes Against Servers Via Other Servers

 

Injecting the script tag into XML

 

Inline UTF-7 E4X javascript hijacking

 

Inter Protocol Exploitation

 

Internal Port Scanning via Crystal Reports

 

Internet Archiver Port Scanner

 

Internet Explorer 7 "mhtml:" Redirection Information Disclosure

 

iPhone SSL Warning and Safari Phishing

 

ISO-8895-1 Vulnerable in Firefox to Null Injection

 

itms Decloaking

 

James Bennett – Django DOS

 

Java Applet Same IP Host Access

 

Java Applet Same-Origin Policy Bypass via HTTP Redirect

 

Java Applet DNS Rebinding

 

Java Applets and DNS Rebinding

 

Java Deserialization w/ Apache Commons Collections in WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS

 

Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem

 

Java JAR Attacks and Features

 

JavaScript Code Flow Manipulation

 

JavaScript Global Namespace Pollution

 

JavaScript Port Scanning

 

JavaScript Portscanning and bypassing HTTP Auth

 

JavaSnoop

 

Join a Religion Via CSRF

 

JSON Hijacking with UTF-7

 

JSON-based XSS exploitation

 

Jumping out of Touch Screen Kiosks

 

Kindle Touch (5.0) Jailbreak/Root and SSH

 

Large Scale Detection of DOM based XSS

 

Launch any file path from web page

 

Linksys E420 Authentication Bypass Disclosure

 

Local DoS on CUPS to a remote exploit via specially-crafted webpage

 

Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)

 

LocalRodeo Detection

 

Location based XSS attacks

 

Login Detection without JavaScript

 

LogJam

 

Lost in Translation (ASP’s HomoXSSuality)

 

Lotus Notes Formula Injection

 

Lucky 13 Attack

 

Magic Hashes

 

Malformed URL in Image Tag Fingerprints Internet Explorer

 

Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user

 

Mario Heiderich – Mutation XSS

 

MD5 extension attack

 

Metaverse breached: Second Life customer database hacked

 

Microsoft ASP.NET Request Validation Bypass Vulnerability

 

Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)

 

Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)

 

Microsoft IIS with Metasploit evil.asp;.jpg

 

Microsoft SChannel Vulnerability

 

Million Browser Botnet Video Briefing

 

Millions of PDF invisibly embedded with your internal disk paths

 

Misfortune Cookie – TR-069 ACS Vulnerabilities in residential gateway routers

 

MITM attack to overwrite addons in Firefox

 

MitM DNS Rebinding SSL/TLS Wildcards and XSS

 

More Port Scanning - This Time in Flash

 

More URI Stuff… (IE’s Resource URI)

 

MSIE Flash 0day targeting french aerospace

 

MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency

 

Multi-pass filters bypass

 

Multiple Facebook Messenger CSRF’s

 

Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java

 

Multiviews Apache, Accept Requests and free listing

 

MX Injection : Capturing and Exploiting Hidden Mail Servers

 

MySQL and SQL Column Truncation Vulnerabilities

 

MySQL Stacked Queries with SQL Injection...sort of

 

NAT Pinning: Penetrating routers and firewalls from a web page

 

NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)

 

Navigation Hijacking (Frame/Tab Injection Attacks)

 

Net Cross Site Scripting – Request Validation Bypassing

 

Netflix.com XSRF vuln

 

Network Scanning with HTTP without JavaScript

 

New Evasions for Web Application Firewalls

 

New Methods in Automated XSS Detection: Dynamic XSS Testing Without Using Static Payloads

 

New PHPIDS vector

 

Next Generation Clickjacking

 

Nikon magazine hit with security breach

 

No Alnum JavaScript (cheat sheet, jjencode demo)

 

NODE.JS CONNECT CSRF BYPASS ABUSING METHODOVERRIDE MIDDLEWARE

 

Noisy Decloaking Methods

 

Non-Alpha-Non-Digit 3

 

Non-Obvious (Crypto) Bugs by Example

 

NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick

 

NTLM Relay via HTTP to internet or stealing windows user hashes while using java client

 

NULLs in entities in Firefox

 

One vector to rule them all

 

OpenSSL CVE-2014-0224

 

Opera XSS vectors

 

Optimizing the number of requests in blind SQL injection

 

Our Favorite XSS Filters and how to Attack them

 

overwriting cookies on other people’s domains in Firefox. 

 

'Padding Oracle' Crypto Attack

 

'Padding Oracle' Crypto Attack (poet, Padbuster, demo, ASP.NET)

 

padding oracle web attack (poet, Padbuster, demo)

 

Paper on Hacking Intranets Using Websites (Not Web Browsers)

 

Parasitic computing using ‘Cloud Browsers’ (2)

 

Passing Malicious PHP Through getimagesize()

 

Password extraction from Ajax/DOM/HTML5 routine

 

Password mining from AWS/Parse Tokens

 

Pawn Storm (CVE-2015-7645)

 

Pawnstorm

 

Paypal Manager Account Hijack

 

PayPal Security Flaw allows Identity Theft

 

PDF XSS Can Compromise Your Machine

 

Penetrating Intranets through Adobe Flex Applications

 

Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers

 

Permanent backdooring of HTML5 client-side application

 

Permanent backdooring of HTML5 client-side application [Apture example]

 

Persistent Cookies

 

Persistent Cookies and DNS Rebinding Redux

 

Persistent Cross Interface Attacks

 

Persistent SQL Injection

 

Phil Purviance – Don’t Use Linksys Routers

 

PHPIDS bypass

 

phpwn: Attack on PHP sessions and random numbers

 

Ping pong obfuscation

 

Pixel Perfect Timing Attacks with HTML5

 

Poisoning proxy caches using Java/Flash/Web Sockets

 

Poking new holes with Flash Crossdomain Policy Files

 

Poodle

 

Popup & Focus URL Hijacking

 

Port Scan without JavaScript

 

Port Scanning with HTML5 and JS-Recon

 

Posting raw XML cross-domain

 

Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator

 

Pulling system32 out over blind SQL Injection

 

Pure Java™, Pure Evil™ Popups

 

Pwning Opera Unite with Inferno’s Eleven

 

Pwning via SSRF (memcached, php-fastcgi, e

 

PXSS on long length videos to DOS

 

Quick Proxy Detection

 

Quicky Firefox DoS

 

Racing to downgrade users to cookie-less authentication

 

Random Number Security in Python

 

Rapid history extraction through non-destructive cache timing (v8)

 

RCE through mangled WAR upload into Tomcat App Manager using PUT-in-Gopher-over-XXE (1)

 

Read Firefox Settings (PoC)

 

Recursive DNS Resolver (DOS)

 

Recursive File Include DoS

 

Recursive Request DoS

 

Redirector’s hell

 

Reflected File Download

 

Relative Path Overwrite

 

Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)

 

Res Timing Attack

 

Res Timing File Enumeration Without JavaScript in IE7.0

 

Res:// Protocol Local File Enumeration

 

Residential Gateway “Misfortune Cookie”

 

Response Splitting Filter Evasion

 

Results, Unicode Left/Right Pointing Double Angle Quotation Mark

 

Re-visiting JAVA De-serialization: It can't get any simpler than this !!

 

RevSlider

 

RFC 1918 Blues

 

RFC1918 Caching Security Issues

 

Rosetta Flash

 

Ruby on Rails Session Termination Design Flaw

 

Safari Carpet Bomb 

 

Safari pwns Internet Explorer

 

Same Origin Bypass in Adobe Reader CVE-2014-8453

 

Same Origin Bypassing Using Image Dimensions

 

Same Origin Spoofing to Attack Client Certificate Sessions

 

Scanning internal Lan with PHP remote file opening.

 

Scraping & Spamming

 

Selecting Encoding Methods For XSS Filter Evasion

 

Server Side Template Injection

 

Server-Side Template Injection: RCE for the Modern Web App

 

Session Extending

 

Session Fixation

 

Session Fixation Via DNS Rebinding

 

Session Puzzling (aka Session Variable Overloading)

 

setTimeout Clickjacking

 

Severe XSS in Google and Others due to the JAR protocol issues

 

ShellShock

 

Side Channel Attacks in SSL

 

Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals

 

Skype cross-zone scripting vulnerability

 

Slideshare

 

Slowloris HTTP DoS

 

SMB Decloaking

 

SMBEnum

 

SMTP Injection via Recipient Email Address

 

Smuggling SMTP through open HTTP proxies

 

SNMP XSS Attack

 

Soaksoak WordPress Malware

 

Social Networks Evil Twin Attacks

 

Socket Capable Browser Plugins Result In Transparent Proxy Abuse

 

Spoofing Firefox protected objects

 

SpyTunes: Find out what iTunes music someone else has

 

SQL Smuggling

 

SQLi filter evasion cheat sheet (MySQL)

 

SSID Script Injection

 

St. Louis Federal Reserve DNS Redirect

 

Steal History without JavaScript

 

Stealing Basic Auth with Persistent XSS

 

Stealing entire Auto-Complete data in Google Chrome

 

Stealing Mouse Clicks for Banner Fraud

 

Stealing Pictures with Picasa

 

Stealing Search Engine Queries with JavaScript

 

Stealing User Information Via Automatic Form Filling

 

Stealth Cookie Stealing (new XSS technique)

 

Steam Browser Protocol Insecurity

 

Stiltwalker, exploits weaknesses in the audio version of reCAPTCHA

 

Stored XSS Vulnerability @ Amazon

 

Stripping Referrer for fun and profit

 

Stroke triggered XSS and StrokeJacking

 

Strokejacking

 

Struts 2 OGNL Double Evaluation RCE

 

Stuffing Javascript into DNS names

 

Superfish SSL MitM

 

SurveyMonkey: IP Spoofing

 

Tabnabbing: A New Type of Phishing Attack

 

Tapjacking: owning smartphone browsers

 

Temporal Session Race Conditions Video 2

 

Text-based CAPTCHA Strengths and Weaknesses

 

The “I Know…” series. What websites know about you

 

The Attack of the TINY URLs

 

The Case of the Unconventional CSRF Attack in Firefox

 

The curse of inverse strokejacking

 

The Failure of Noise-Based Non-Continuous Audio Captchas

 

The New Age of XXE

 

The old is new, again. CVE20112461 is back!

 

The PayPal 2FA Bypass

 

The Unexpected Dangers of Dynamic JavaScript

 

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild

 

There’s an OAK TREE in my blog!?!?!

 

Timing Attacks on CSS Shaders

 

Timothy Morgan – What You Didn’t Know About XML External Entity Attacks

 

Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval

 

Top 3 Proxy Issues That No One Ever Told You

 

Top-Level Universal XSS

 

Tor Hidden-Service Passive De-Cloaking

 

Total surveillance made easy with VoIP phone

 

Tracking users that block cookies with a HTTP redirect

 

Tunneling TCP over HTTP over SQL Injection 

 

Tunneling tcp over http over sql-injection

 

Turn Any Page Into A Greasemonkey Popup

 

Turning XSS into Clickjacking

 

TweetDeck XSS

 

Twitter misidentifying context

 

UI Redressing Mayhem: Firefox 0-Day And The LeakedIn Affair

 

UI Redressing Mayhem: HTTPOnly Bypass PayPwn Style

 

UI Redressing: Attacks and Countermeasures Revisited

 

Unauthenticated Backup and Password Disclosure In HandsomeWeb SOS Webpages cve-2014-3445

 

Unauthorized TinyURL URL Enumeration Vulnerability

 

Understanding and Managing Entropy Usage

 

Universal XSS in Adobe’s Acrobat Reader Plugin

 

Universal XSS in IE8 

 

Untangling The DOM For More Easy-Juicy Bugs

 

UPnP Hacking via Flash

 

URL Hiding - new method of URL Spoofing attacks

 

URL Spoofing vulnerability in bots of search engines 

 

URL Spoofing vulnerability in bots of search engines (#2)

 

Username Enumeration Timing Attacks (Sensepost)

 

Username Enumeration Vulnerabilities

 

Using Blended Browser Threats involving Chrome to steal files on your computer

 

Using Cookies For Selective DoS and State Detection

 

Using Cross-domain images in WebGL and Chrome 13

 

Using CSS to De-Anonymize

 

Using HTTP headers pollution for mobile networks attacks (2)

 

Using POST method to bypass IE-browser protected XSS

 

Using the HTML5 Fullscreen API for Phishing Attacks

 

Using WordPress as a intranet and internet port scanner

 

Using your browser URL history to estimate gender

 

Variable Width Encoding

 

Visitor Tracking Without Cookies (or How To Abuse HTTP 301s)

 

Weaknesses in RC4

 

Web Browser History Stealing

 

Web Browser Intranet Hacking / Port Scanning 

 

Web Mayhem: Firefox’s JAR: Protocol issues

 

Web pages Detecting Virtualized Browsers and other tricks

 

Web Timing Attacks Made Practical

 

Web Worms 

 

Who Are You? A Statistical Approach to Protecting LinkedIn Logins (CSS UI Redressing Issue)

 

Widespread XSS for Google Search Appliance

 

Will it Blend?

 

Winning the Online Banking War

 

WordPress Core RCE

 

Xanga Hit By Script Worm

 

X-Frame-Options (XFO) Detection from Javascript

 

XML Intranet Port Scanning

 

XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+

 

XSHM Mark 2

 

XSS Fragmentation Attacks

 

XSS in Skype for iOS

 

XSS Relocation Attacks through Word Hyperlinking

 

XSS Vulnerabilities in Common Shockwave Flash Files

 

XSS: Gaining access to HttpOnly Cookie in 2012

 

XSSing client-side dynamic HTML includes by hiding HTML inside images and more

 

XSS-Track as a HTML5 WebSockets traffic sniffer

 

XSS-Track: How to quietly track a whole website through single XSS

 

Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency

 

Yes, you can have fun with downloads

 

Zach Cutlip – Remote Code Execution in Netgear routers