(DOMinator) Finding DOMXSS with dynamic taint propagation |
(Non-Persistent) Untraceable XSS Attacks |
.Net Cross Site Scripting – Request Validation Bypassing |
“ASPXErrorPath in URL” Technique in Scanning a .Net Web Application |
0DAY: QuickTime pwns Firefox |
Using Cookies For Selective DoS and State Detection |
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution |
Popup & Focus URL Hijacking |
The curse of inverse strokejacking |
Fooling B64_Encode(Payload) on WAFs and filters |
CAPTCHA Hax With TesserCap |
Web pages Detecting Virtualized Browsers and other tricks |
Breaking into a WPA network with a webpage |
Stroke triggered XSS and StrokeJacking |
Poisoning proxy caches using Java/Flash/Web Sockets |
How to Conceal XSS Injection in HTML5 |
Expanding the Attack Surface |
Chronofeit Phishing |
Non-Obvious (Crypto) Bugs by Example |
SQLi filter evasion cheat sheet (MySQL) |
XSHM Mark 2 |
A brief description of how to become a CA |
A different Opera |
A Different Opera |
A more plausible E4X attack |
A story that diggs itself |
A Twitter DomXss, a wrong fix and something more |
Aaron Patterson – Serialized YAML Remote Code Execution |
ABC News (AU) XSS linking the reporter to Al Qaeda |
About CSS Attacks |
Abusing CDNs with SSRF Flash and DNS |
Abusing Flash-Proxies for client-side cross-domain HTTP requests |
Abusing HTML 5 Structured Client-side Storage |
Abusing HTTP Status Codes to Expose Private Information |
Abusing PHP Sockets |
Abusing PHP Sockets (1, 2) |
Abusing XSLT for Practical Attacks |
Abusing XSLT for Practical Attacks |
Account Hijackings Force LiveJournal Changes |
Active Man in the Middle Attacks |
ActiveX Repurposing |
ActiveX Repurposing, (1, 2) |
Additional Image Bypass on Windows |
Adultspace XSS Worm |
Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014) CVE-2014-1512 |
Advanced SQL injection to operating system full control |
Advanced SQL injection to operating system full control (whitepaper) |
Advanced Web Attack Techniques using GMail |
AIR Flash RCE from PWN2OWN |
All Your Google Docs are Belong To US… |
Angelo Prado, Neal Harris, Yoel Gluck – BREACH |
Anonymizing RFI Attacks Through Google |
Anti-DNS Pinning ( DNS Rebinding ) |
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration |
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH |
Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning |
Apache Struts ClassLoader Manipulation Remote Code Execution |
Apache Struts ClassLoader Manipulation Remote Code Execution and Blog Post |
Apple's Safari 4 also fixes cross-domain XML theft |
Apple's Safari 4 fixes local file theft attack |
Arbitrary TCP over uploaded pages |
Ashar Javad Attack against Facebook’s password reset process. |
ASP.NET 'Padding Oracle' Crypto Attack |
AT&T Hack Highlights Web Site Vulnerabilities |
Attack - PDF Silent HTTP Form Repurposing Attacks |
Attack Surface for Project Spartan’s EdgeHTML Rendering Engine |
Attacking CAPTCHAs for Fun and Profit |
Attacking HTTPS with Cache Injection |
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select) |
Auto-Complete Hack by Hiding Filled in Input Fields with CSS |
Autocomplete..again?! |
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem |
Backdooring MP3 Files |
Backdooring PDF Files |
Backdooring QuickTime Movies |
BEAST |
Belkin Buffer Overflow via Web |
BK for Mayor of Oak Tree View |
Blended Threats and JavaScript |
Blind SQL Injection: Inference through Underflow exception |
Blind web server fingerprinting |
Bonus Safari XXE (only affecting Safari 4 Beta) |
Breaking Google Gears' Cross-Origin Communication Model |
Breaking HTTPS with BGP Hijacking |
Breaking into a WPA network with a webpage |
Browser Event Hijacking |
Browser Port Scanning without JavaScript |
Browser scheme/slash quirks |
Browsers Anti-XSS methods in ASP (classic) have been defeated! |
Browser's Ghost Busters |
Bruteforce of PHPSESSID |
Bruteforcing HTTP Auth in Firefox with JavaScript |
Bruteforcing/Abusing search functions with no-rate checks to collect data |
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability |
Building Subversive File Sharing With Client Side Applications |
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth) |
Bypass port blocking in Firefox, Opera and Konqueror. |
Bypass Surgery |
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (1,2) |
Bypassing CSP for fun, no profit |
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution |
Bypassing Filters With Encoding |
Bypassing Flash’s local-with-filesystem Sandbox |
Bypassing HTTP Basic Authentication in PHP Applications (** potential rediscovery of: HTExploit – Bypassing .htaccess restrictions **) |
Bypassing Chrome’s Anti-XSS filter |
Bypassing Mozilla Port Blocking |
Bypassing NoCAPTCHA |
Bypassing of web filters by using ASCII |
Bypassing OWASP ESAPI XSS Protection inside Javascript |
Bypassing URL Authentication and Authorization with HTTP Verb Tampering |
Canadian Beacon |
CAPTCHA Hax With TesserCap |
CAPTCHA Re-Riding Attack |
Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter |
Circumventing DNS Pinning for XSS |
Clickjacking & OAuth |
Clickjacking / Videojacking |
Clickjacking Rootkits for Android (2) |
Client-side SQL Injection Attacks |
Close encounters of the third kind (client-side JavaScript vulnerabilities) |
CNNINC SSL MitM |
Code Execution Through Filenames in Uploads |
Code Execution via XSS |
Code Execution via XSS (1) |
Cody Collier – Exposing Verizon Wireless SMS History |
Collecting Lots of Free 'Micro-Deposits' |
Common localhost dns misconfiguration can lead to "same site" scripting |
Compromising an unreachable Solr Serve |
Content Smuggling |
Content-Disposition Hacking |
Converting unimplementable Cookie-based XSS to a persistent attack |
Cookie Eviction |
Cookie Path Traversal |
Cookiejacking |
Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID |
Covert Timing Channels based on HTTP Cache Headers |
Cracking hashes in the JavaScript cloud with Ravan |
Cracking Ruby on Rails Sessions |
Creating a rogue CA certificate |
CRIME |
Cross Context Scripting from within the Browser |
Cross Domain Basic Auth Phishing Tactics |
Cross domain content extraction with fake captcha |
Cross Domain Leakage With Image Size |
Cross Environment Hopping |
Cross Site URL Hijacking by using Error Object in Mozilla Firefox |
Cross-Browser Proxy Unmasking |
Cross-domain leaks of site logins via Authenticated CSS |
Cross-domain search timing |
Cross-protocol XSS with non-standard service ports |
Cross-site File Upload Attacks |
Cross-Site Identification (XSid) |
Cross-Site Port Attacks |
Cross-Site Printing (Printer Spamming) |
Cross-subdomain Cookie Attacks |
Crowd-sourcing mischief on Google Maps leads customers astray |
Cryptophp Backdoor |
CSRF And Ignoring Basic/Digest Auth |
CSRF on Novell GroupWise WebAccess |
CSRF token disclosure via iFRAME and CAPTCHA trickery |
CSRF with JSON – leveraging XHR and CORS |
CSRF with MS Word |
CSRF: Flash + 307 redirect = Game Over |
CSRFing the uTorrent plugin |
CSS :visited may be a bit overrated |
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning |
CSS history hacking with evil marketing |
CSS History Stealing Acts As Cookie |
CSS-Only Clickjacking |
CTA: The weaknesses in client side xss filtering targeting Chrome’s XSS Auditor |
CUPS Detection |
Cursorjacking again |
De-cloaking in IE7.0 Via Windows Variables |
Delta Boarding Pass Spoofing |
Detecting browsers javascript hacks |
Detecting Default Browser in IE |
Detecting FireFox Extensions |
Detecting IE in 12 bytes |
Detecting Private Browsing Mode |
Detecting Privoxy Users and Circumventing It |
Detecting States of Authentication With Protected Images |
Detecting users via Authenticated Redirects |
DHCP Script Injection |
Dialog Spoofing - Firefox Basic Authentication |
Diminutive Worm, 161 byte Web Worm |
DNS poisoning via Port Exhaustion |
DNS Rebinding for Credential Brute Force |
DNS Rebinding for Scraping and Spamming |
DNS Rebinding on Java Applets |
Dom Flow |
DOMinator – Finding DOMXSS with dynamic taint propagation |
DoS attacks via Abuse of Functionality vulnerabilities |
Double eval() for DOM based XSS |
Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) |
Drupal 7 Core SQLi |
eDellRoot |
Effects of DNS Rebinding On IE’s Trust Zones |
Embedding SVG That Contains XSS Using Base64 Encoding in Firefox |
Encoding Filter Bypass |
Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) |
Enumerate Windows Users In JS |
Enumerating logins via Abuse of Functionality vulnerabilities |
Enumerating Through User Accounts |
Eradicating DNS Rebinding with the Extended Same-Origin Policy |
Evading All Web Application filters |
Evading All* WAF XSS Filters |
Evercookie |
Exaggerating Timing Attack Results Via GET Flooding |
Excel formula injection in Google Docs |
Expanding the Attack Surface |
Expanding the control over the operating system from the database |
Expansions on FREAK attack |
Expect Header Injection Via Flash |
Exploitation of “Self-Only” Cross-Site Scripting in Google Code |
Exploiting CSRF Protected XSS |
Exploiting Facebook Application XSS Holes to Make API Requests |
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection |
Exploiting Logged Out XSS Vulnerabilities |
Exploiting Second Life |
Exploiting the unexploitable XSS with clickjacking |
Exploiting Unexploitable XSS |
Exploiting XSS in Ajax Web Applications |
Exploiting XSS vulnerabilities on cookies |
Exploiting XXE in File Parsing Functionality |
Exploiting XXE in File Upload Functionality |
Exponential XSS |
Exponential XSS Attacks |
Expression Language Injection |
F5 and Acunetix XSS disclosure |
Facebook hosted DDOS with notes app |
Facebook: Memorializing a User |
Father/Daughter Team Finds Valuable Facebook Bug |
Favorites Gone Wild |
File Download Injection |
File Name Enumeration in Rails |
File System API with HTML5 – Juice for XSS |
FileCry |
Filejacking: How to make a file server from your browser (with HTML5 of course) |
Finding Weak Rails Security Tokens |
Fireeye – Arbitrary reading and writing of the JVM process |
Firefox 2 and WebKit nightly cross-domain image theft |
Firefox cross-domain information theft (simple text strings, some CSV) |
Firefox File Handling Woes |
Firefox Header Redirection JavaScript Execution |
Firefox Popup Blocker Allows Reading Arbitrary Local Files |
Firefox XML injection into parse of remote XML |
Firefox’s JAR: Protocol issues |
Firefoxurl URI Handler Flaw |
Flash Camera and Mic Remember Function and XSS |
Flash clipboard Hijack |
Flash Cookie Object Tracking |
Flash Internet Explorer security model bug |
Flash Origin Policy Issues |
Flash Parameter Injection |
FlashFlood |
Flickr's API Signature Forgery Vulnerability (MD5 extension attack) |
Fooling B64_Encode(Payload) on WAFs and filters |
Forget sidejacking, clickjacking, and carjacking: enter “Formjacking” |
Forging HTTP request headers with Flash |
Formaction Scriptless attack updates |
Frame Injection Fun |
FREAK (Factoring attack on RSA-Export Keys) |
Free MacWorld Platinum Pass? Yes in 2008! |
Fun with data: URLs |
Generic cross-browser cross-domain theft |
Get Internal Network Information with Java Applets |
GIFAR |
Gmail - Google Docs Cookie Hijacking through PDF Repurposing &PDF |
Google Adsense CSRF hole |
Google Docs puts Google Users at Risk |
Google Dorks Strike Again |
Google Drive SSO Phishing |
Google GMail E-mail Hijack Technique |
Google Hacks On Your Behalf |
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation |
Google Chrome/ChromeOS sandbox side step via owning extensions |
Google Indexes XSS |
Google plugs phishing hole |
Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk |
Google Two-Factor Authentication Bypass |
Google Urchin password theft madness |
Google User De-Anonymization |
Google Vulnerable Code Dork |
Governator Hack |
Gravatar Email Enumeration in JavaScript |
Hacker scans the internet |
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer) |
Hacking CSRF Tokens using CSS History Hack |
Hacking Facebook with HTML5 |
Hacking Intranets Through Web Interfaces |
Hacking Intranets Via Brute Force |
Hacking PayPal Accounts with 1 Click |
Hacking RSS Feeds |
Hacking without 0days: Drive-by Java |
Hash Information Disclosure Via Collisions - The Hard Way |
HashDOS: Effective Denial of Service attacks against web application platforms |
Heartbleed |
Hellfire for redirectors |
Hidden XSS Attacking the Desktop & Mobile Platforms |
Hiding JS in Valid Images |
Hijacking Opera’s Native Page using malicious RSS payloads |
Hijacking Safari 4 Top Sites with Phish Bombs |
HikaShop Object Injection |
HostGator: cPanel Security Hole Exploited in Mass Hack |
Hostile Subdomain Takeover using Heroku/Github/Desk + more |
Hostile Subdomain Takeover using Heroku/Github/Desk |
How Facebook lacked X-Frame-Options and what I did with it |
How I hacked GitHub again |
How I hacked Instagram to see your private photos |
How I Hacked StackOverflow |
How to Conceal XSS Injection in HTML5 |
How to defeat digg.com |
How to get linked from Slashdot |
How to get SQL query contents from SQL injection flaw |
How To Own Every User On A Social Networking Site |
How to upload arbitrary file contents cross-domain |
How to upload arbitrary file contents cross-domain (2) |
How to use Google Analytics to DoS a client from some website. |
HOW TO: Spy on the Webcams of Your Website Visitors |
HScan Redux |
HTML/CSS Injections - Primitive Malicious Code |
HTML+TIME XSS attacks |
HTML5 Hard Disk Filler™ API |
HTML5 new XSS vectors |
HTML5 XSS |
HTTP Parameter Pollution (HPP) |
HTTP POST DoS |
HTTP Proxies Bypass Firewalls |
HTTP Response Splitting and Data: URI scheme in Firefox |
Hunting ASynchronous Vulnerabilities |
Hyperlink Spoofing and the Modern Web |
Chrome addon hacking (2, 3, 4, 5) |
Chrome and Safari users open to stealth HTML5 AppCache attack |
Chronofeit Phishing |
I know what your friends did last summer |
I know what you've got (Firefox Extensions) |
I know where you've been |
I used to know what you watched, on YouTube (CSRF + Crossdomain.xml) |
IE "Print Table of Links" Cross-Zone Scripting Vulnerability |
IE 7 and Firefox Browsers Digest Authentication Request Splitting |
IE Sends Local Addresses in Referer Header |
IE11 RCE |
IE6.0 Protocol Guessing |
IE7.0 Detector |
IE8 Link Spoofing - Broken Status Bar Integrity |
IE9 Self-XSS Blackbox Protection bypass |
Iframe HTTP Ping |
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation" |
IIS6/ASP & file upload for fun and profit |
illusoryTLS |
Image Names Gone Bad |
IMAP Vulnerable to XSS |
Improving HTTPS Side Channel Attacks |
Initiating Probes Against Servers Via Other Servers |
Injecting the script tag into XML |
Inline UTF-7 E4X javascript hijacking |
Inter Protocol Exploitation |
Internal Port Scanning via Crystal Reports |
Internet Archiver Port Scanner |
Internet Explorer 7 "mhtml:" Redirection Information Disclosure |
iPhone SSL Warning and Safari Phishing |
ISO-8895-1 Vulnerable in Firefox to Null Injection |
itms Decloaking |
James Bennett – Django DOS |
Java Applet Same IP Host Access |
Java Applet Same-Origin Policy Bypass via HTTP Redirect |
Java Applet DNS Rebinding |
Java Applets and DNS Rebinding |
Java Deserialization w/ Apache Commons Collections in WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS |
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem |
Java JAR Attacks and Features |
JavaScript Code Flow Manipulation |
JavaScript Global Namespace Pollution |
JavaScript Port Scanning |
JavaScript Portscanning and bypassing HTTP Auth |
JavaSnoop |
Join a Religion Via CSRF |
JSON Hijacking with UTF-7 |
JSON-based XSS exploitation |
Jumping out of Touch Screen Kiosks |
Kindle Touch (5.0) Jailbreak/Root and SSH |
Large Scale Detection of DOM based XSS |
Launch any file path from web page |
Linksys E420 Authentication Bypass Disclosure |
Local DoS on CUPS to a remote exploit via specially-crafted webpage |
Local DoS on CUPS to a remote exploit via specially-crafted webpage (1) |
LocalRodeo Detection |
Location based XSS attacks |
Login Detection without JavaScript |
LogJam |
Lost in Translation (ASP’s HomoXSSuality) |
Lotus Notes Formula Injection |
Lucky 13 Attack |
Magic Hashes |
Malformed URL in Image Tag Fingerprints Internet Explorer |
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user |
Mario Heiderich – Mutation XSS |
MD5 extension attack |
Metaverse breached: Second Life customer database hacked |
Microsoft ASP.NET Request Validation Bypass Vulnerability |
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC) |
Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug) |
Microsoft IIS with Metasploit evil.asp;.jpg |
Microsoft SChannel Vulnerability |
Million Browser Botnet Video Briefing |
Millions of PDF invisibly embedded with your internal disk paths |
Misfortune Cookie – TR-069 ACS Vulnerabilities in residential gateway routers |
MITM attack to overwrite addons in Firefox |
MitM DNS Rebinding SSL/TLS Wildcards and XSS |
More Port Scanning - This Time in Flash |
More URI Stuff… (IE’s Resource URI) |
MSIE Flash 0day targeting french aerospace |
MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency |
Multi-pass filters bypass |
Multiple Facebook Messenger CSRF’s |
Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java |
Multiviews Apache, Accept Requests and free listing |
MX Injection : Capturing and Exploiting Hidden Mail Servers |
MySQL and SQL Column Truncation Vulnerabilities |
MySQL Stacked Queries with SQL Injection...sort of |
NAT Pinning: Penetrating routers and firewalls from a web page |
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward) |
Navigation Hijacking (Frame/Tab Injection Attacks) |
.Net Cross Site Scripting – Request Validation Bypassing ( |
Netflix.com XSRF vuln |
Network Scanning with HTTP without JavaScript |
New Evasions for Web Application Firewalls |
New Methods in Automated XSS Detection: Dynamic XSS Testing Without Using Static Payloads |
New PHPIDS vector |
Next Generation Clickjacking |
Nikon magazine hit with security breach |
No Alnum JavaScript (cheat sheet, jjencode demo) |
NODE.JS CONNECT CSRF BYPASS ABUSING METHODOVERRIDE MIDDLEWARE |
Noisy Decloaking Methods |
Non-Alpha-Non-Digit 3 |
Non-Obvious (Crypto) Bugs by Example |
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick |
NTLM Relay via HTTP to internet or stealing windows user hashes while using java client |
NULLs in entities in Firefox |
One vector to rule them all |
OpenSSL CVE-2014-0224 |
Opera XSS vectors |
Optimizing the number of requests in blind SQL injection |
Our Favorite XSS Filters and how to Attack them |
overwriting cookies on other people’s domains in Firefox. |
'Padding Oracle' Crypto Attack |
'Padding Oracle' Crypto Attack (poet, Padbuster, demo, ASP.NET) |
padding oracle web attack (poet, Padbuster, demo) |
Paper on Hacking Intranets Using Websites (Not Web Browsers) |
Parasitic computing using ‘Cloud Browsers’ (2) |
Passing Malicious PHP Through getimagesize() |
Password extraction from Ajax/DOM/HTML5 routine |
Password mining from AWS/Parse Tokens |
Pawn Storm (CVE-2015-7645) |
Pawnstorm |
Paypal Manager Account Hijack |
PayPal Security Flaw allows Identity Theft |
PDF XSS Can Compromise Your Machine |
Penetrating Intranets through Adobe Flex Applications |
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers |
Permanent backdooring of HTML5 client-side application |
Permanent backdooring of HTML5 client-side application [Apture example] |
Persistent Cookies |
Persistent Cookies and DNS Rebinding Redux |
Persistent Cross Interface Attacks |
Persistent SQL Injection |
Phil Purviance – Don’t Use Linksys Routers |
PHPIDS bypass |
phpwn: Attack on PHP sessions and random numbers |
Ping pong obfuscation |
Pixel Perfect Timing Attacks with HTML5 |
Poisoning proxy caches using Java/Flash/Web Sockets |
Poking new holes with Flash Crossdomain Policy Files |
Poodle |
Popup & Focus URL Hijacking |
Port Scan without JavaScript |
Port Scanning with HTML5 and JS-Recon |
Posting raw XML cross-domain |
Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator |
Pulling system32 out over blind SQL Injection |
Pure Java™, Pure Evil™ Popups |
Pwning Opera Unite with Inferno’s Eleven |
Pwning via SSRF (memcached, php-fastcgi, e |
PXSS on long length videos to DOS |
Quick Proxy Detection |
Quicky Firefox DoS |
Racing to downgrade users to cookie-less authentication |
Random Number Security in Python |
Rapid history extraction through non-destructive cache timing (v8) |
RCE through mangled WAR upload into Tomcat App Manager using PUT-in-Gopher-over-XXE (1) |
Read Firefox Settings (PoC) |
Recursive DNS Resolver (DOS) |
Recursive File Include DoS |
Recursive Request DoS |
Redirector’s hell |
Reflected File Download |
Relative Path Overwrite |
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters) |
Res Timing Attack |
Res Timing File Enumeration Without JavaScript in IE7.0 |
Res:// Protocol Local File Enumeration |
Residential Gateway “Misfortune Cookie” |
Response Splitting Filter Evasion |
Results, Unicode Left/Right Pointing Double Angle Quotation Mark |
Re-visiting JAVA De-serialization: It can't get any simpler than this !! |
RevSlider |
RFC 1918 Blues |
RFC1918 Caching Security Issues |
Rosetta Flash |
Ruby on Rails Session Termination Design Flaw |
Safari Carpet Bomb |
Safari pwns Internet Explorer |
Same Origin Bypass in Adobe Reader CVE-2014-8453 |
Same Origin Bypassing Using Image Dimensions |
Same Origin Spoofing to Attack Client Certificate Sessions |
Scanning internal Lan with PHP remote file opening. |
Scraping & Spamming |
Selecting Encoding Methods For XSS Filter Evasion |
Server Side Template Injection |
Server-Side Template Injection: RCE for the Modern Web App |
Session Extending |
Session Fixation |
Session Fixation Via DNS Rebinding |
Session Puzzling (aka Session Variable Overloading) |
setTimeout Clickjacking |
Severe XSS in Google and Others due to the JAR protocol issues |
ShellShock |
Side Channel Attacks in SSL |
Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals |
Skype cross-zone scripting vulnerability |
Slideshare |
Slowloris HTTP DoS |
SMB Decloaking |
SMBEnum |
SMTP Injection via Recipient Email Address |
Smuggling SMTP through open HTTP proxies |
SNMP XSS Attack |
Soaksoak WordPress Malware |
Social Networks Evil Twin Attacks |
Socket Capable Browser Plugins Result In Transparent Proxy Abuse |
Spoofing Firefox protected objects |
SpyTunes: Find out what iTunes music someone else has |
SQL Smuggling |
SQLi filter evasion cheat sheet (MySQL) |
SSID Script Injection |
St. Louis Federal Reserve DNS Redirect |
Steal History without JavaScript |
Stealing Basic Auth with Persistent XSS |
Stealing entire Auto-Complete data in Google Chrome |
Stealing Mouse Clicks for Banner Fraud |
Stealing Pictures with Picasa |
Stealing Search Engine Queries with JavaScript |
Stealing User Information Via Automatic Form Filling |
Stealth Cookie Stealing (new XSS technique) |
Steam Browser Protocol Insecurity |
Stiltwalker, exploits weaknesses in the audio version of reCAPTCHA |
Stored XSS Vulnerability @ Amazon |
Stripping Referrer for fun and profit |
Stroke triggered XSS and StrokeJacking |
Strokejacking |
Struts 2 OGNL Double Evaluation RCE |
Stuffing Javascript into DNS names |
Superfish SSL MitM |
SurveyMonkey: IP Spoofing |
Tabnabbing: A New Type of Phishing Attack |
Tapjacking: owning smartphone browsers |
Temporal Session Race Conditions Video 2 |
Text-based CAPTCHA Strengths and Weaknesses |
The “I Know…” series. What websites know about you |
The Attack of the TINY URLs |
The Case of the Unconventional CSRF Attack in Firefox |
The curse of inverse strokejacking |
The Failure of Noise-Based Non-Continuous Audio Captchas |
The New Age of XXE |
The old is new, again. CVE20112461 is back! |
The PayPal 2FA Bypass |
The Unexpected Dangers of Dynamic JavaScript |
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild |
There’s an OAK TREE in my blog!?!?! |
Timing Attacks on CSS Shaders |
Timothy Morgan – What You Didn’t Know About XML External Entity Attacks |
Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval |
Top 3 Proxy Issues That No One Ever Told You |
Top-Level Universal XSS |
Tor Hidden-Service Passive De-Cloaking |
Total surveillance made easy with VoIP phone |
Tracking users that block cookies with a HTTP redirect |
Tunneling TCP over HTTP over SQL Injection |
Tunneling tcp over http over sql-injection |
Turn Any Page Into A Greasemonkey Popup |
Turning XSS into Clickjacking |
TweetDeck XSS |
Twitter misidentifying context |
UI Redressing Mayhem: Firefox 0-Day And The LeakedIn Affair |
UI Redressing Mayhem: HTTPOnly Bypass PayPwn Style |
UI Redressing: Attacks and Countermeasures Revisited |
Unauthenticated Backup and Password Disclosure In HandsomeWeb SOS Webpages cve-2014-3445 |
Unauthorized TinyURL URL Enumeration Vulnerability |
Understanding and Managing Entropy Usage |
Universal XSS in Adobe’s Acrobat Reader Plugin |
Universal XSS in IE8 |
Untangling The DOM For More Easy-Juicy Bugs |
UPnP Hacking via Flash |
URL Hiding - new method of URL Spoofing attacks |
URL Spoofing vulnerability in bots of search engines |
URL Spoofing vulnerability in bots of search engines (#2) |
Username Enumeration Timing Attacks (Sensepost) |
Username Enumeration Vulnerabilities |
Using Blended Browser Threats involving Chrome to steal files on your computer |
Using Cookies For Selective DoS and State Detection |
Using Cross-domain images in WebGL and Chrome 13 |
Using CSS to De-Anonymize |
Using HTTP headers pollution for mobile networks attacks (2) |
Using POST method to bypass IE-browser protected XSS |
Using the HTML5 Fullscreen API for Phishing Attacks |
Using WordPress as a intranet and internet port scanner |
Using your browser URL history to estimate gender |
Variable Width Encoding |
Visitor Tracking Without Cookies (or How To Abuse HTTP 301s) |
Weaknesses in RC4 |
Web Browser History Stealing |
Web Browser Intranet Hacking / Port Scanning |
Web Mayhem: Firefox’s JAR: Protocol issues |
Web pages Detecting Virtualized Browsers and other tricks |
Web Timing Attacks Made Practical |
Web Worms |
Who Are You? A Statistical Approach to Protecting LinkedIn Logins (CSS UI Redressing Issue) |
Widespread XSS for Google Search Appliance |
Will it Blend? |
Winning the Online Banking War |
WordPress Core RCE |
Xanga Hit By Script Worm |
X-Frame-Options (XFO) Detection from Javascript |
XML Intranet Port Scanning |
XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+ |
XSHM Mark 2 |
XSS Fragmentation Attacks |
XSS in Skype for iOS |
XSS Relocation Attacks through Word Hyperlinking |
XSS Vulnerabilities in Common Shockwave Flash Files |
XSS: Gaining access to HttpOnly Cookie in 2012 |
XSSing client-side dynamic HTML includes by hiding HTML inside images and more |
XSS-Track as a HTML5 WebSockets traffic sniffer |
XSS-Track: How to quietly track a whole website through single XSS |
Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency |
Yes, you can have fun with downloads |
Zach Cutlip – Remote Code Execution in Netgear routers |