|
(DOMinator) Finding DOMXSS with dynamic taint propagation |
|
(Non-Persistent) Untraceable XSS Attacks |
|
.Net Cross Site Scripting – Request Validation Bypassing |
|
“ASPXErrorPath in URL” Technique in Scanning a .Net Web Application |
|
0DAY: QuickTime pwns Firefox |
|
Using Cookies For Selective DoS and State Detection |
|
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution |
|
Popup & Focus URL Hijacking |
|
The curse of inverse strokejacking |
|
Fooling B64_Encode(Payload) on WAFs and filters |
|
2CAPTCHA Hax With TesserCap |
|
Web pages Detecting Virtualized Browsers and other tricks |
|
Breaking into a WPA network with a webpage |
|
Stroke triggered XSS and StrokeJacking |
|
Poisoning proxy caches using Java/Flash/Web Sockets |
|
How to Conceal XSS Injection in HTML5 |
|
Expanding the Attack Surface |
|
Chronofeit Phishing |
|
Non-Obvious (Crypto) Bugs by Example |
|
SQLi filter evasion cheat sheet (MySQL) |
|
XSHM Mark 2 |
|
A brief description of how to become a CA |
|
A different Opera |
|
A Different Opera |
|
A more plausible E4X attack |
|
A story that diggs itself |
|
A Twitter DomXss, a wrong fix and something more |
|
Aaron Patterson – Serialized YAML Remote Code Execution |
|
ABC News (AU) XSS linking the reporter to Al Qaeda |
|
About CSS Attacks |
|
Abusing CDNs with SSRF Flash and DNS |
|
Abusing Flash-Proxies for client-side cross-domain HTTP requests |
|
Abusing HTML 5 Structured Client-side Storage |
|
Abusing HTTP Status Codes to Expose Private Information |
|
Abusing PHP Sockets |
|
Abusing PHP Sockets (1, 2) |
|
Abusing XSLT for Practical Attacks |
|
Abusing XSLT for Practical Attacks |
|
Account Hijackings Force LiveJournal Changes |
|
Active Man in the Middle Attacks |
|
ActiveX Repurposing |
|
ActiveX Repurposing, (1, 2) |
|
Additional Image Bypass on Windows |
|
Adultspace XSS Worm |
|
Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014) CVE-2014-1512 |
|
Advanced SQL injection to operating system full control |
|
Advanced SQL injection to operating system full control (whitepaper) |
|
Advanced Web Attack Techniques using GMail |
|
AIR Flash RCE from PWN2OWN |
|
All Your Google Docs are Belong To US… |
|
Angelo Prado, Neal Harris, Yoel Gluck – BREACH |
|
Anonymizing RFI Attacks Through Google |
|
Anti-DNS Pinning ( DNS Rebinding ) |
|
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration |
|
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH |
|
Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning |
|
Apache Struts ClassLoader Manipulation Remote Code Execution |
|
Apache Struts ClassLoader Manipulation Remote Code Execution and Blog Post |
|
Apple's Safari 4 also fixes cross-domain XML theft |
|
Apple's Safari 4 fixes local file theft attack |
|
Arbitrary TCP over uploaded pages |
|
Ashar Javad Attack against Facebook’s password reset process. |
|
ASP.NET 'Padding Oracle' Crypto Attack |
|
AT&T Hack Highlights Web Site Vulnerabilities |
|
Attack - PDF Silent HTTP Form Repurposing Attacks |
|
Attack Surface for Project Spartan’s EdgeHTML Rendering Engine |
|
Attacking CAPTCHAs for Fun and Profit |
|
Attacking HTTPS with Cache Injection |
|
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select) |
|
Auto-Complete Hack by Hiding Filled in Input Fields with CSS |
|
Autocomplete..again?! |
|
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem |
|
Backdooring MP3 Files |
|
Backdooring PDF Files |
|
Backdooring QuickTime Movies |
|
BEAST |
|
Belkin Buffer Overflow via Web |
|
BK for Mayor of Oak Tree View |
|
Blended Threats and JavaScript |
|
Blind SQL Injection: Inference through Underflow exception |
|
Blind web server fingerprinting |
|
Bonus Safari XXE (only affecting Safari 4 Beta) |
|
Breaking Google Gears' Cross-Origin Communication Model |
|
Breaking HTTPS with BGP Hijacking |
|
Breaking into a WPA network with a webpage |
|
Browser Event Hijacking |
|
Browser Port Scanning without JavaScript |
|
Browser scheme/slash quirks |
|
Browsers Anti-XSS methods in ASP (classic) have been defeated! |
|
Browser's Ghost Busters |
|
Bruteforce of PHPSESSID |
|
Bruteforcing HTTP Auth in Firefox with JavaScript |
|
Bruteforcing/Abusing search functions with no-rate checks to collect data |
|
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability |
|
Building Subversive File Sharing With Client Side Applications |
|
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth) |
|
Bypass port blocking in Firefox, Opera and Konqueror. |
|
Bypass Surgery |
|
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (1,2) |
|
Bypassing CSP for fun, no profit |
|
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution |
|
Bypassing Filters With Encoding |
|
Bypassing Flash’s local-with-filesystem Sandbox |
|
Bypassing HTTP Basic Authentication in PHP Applications (** potential rediscovery of: HTExploit – Bypassing .htaccess restrictions **) |
|
Bypassing Chrome’s Anti-XSS filter |
|
Bypassing Mozilla Port Blocking |
|
Bypassing NoCAPTCHA |
|
Bypassing of web filters by using ASCII |
|
Bypassing OWASP ESAPI XSS Protection inside Javascript |
|
Bypassing URL Authentication and Authorization with HTTP Verb Tampering |
|
Canadian Beacon |
|
CAPTCHA Hax With TesserCap |
|
CAPTCHA Re-Riding Attack |
|
Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter |
|
Circumventing DNS Pinning for XSS |
|
Clickjacking & OAuth |
|
Clickjacking / Videojacking |
|
Clickjacking Rootkits for Android (2) |
|
Client-side SQL Injection Attacks |
|
Close encounters of the third kind (client-side JavaScript vulnerabilities) |
|
CNNINC SSL MitM |
|
Code Execution Through Filenames in Uploads |
|
Code Execution via XSS |
|
Code Execution via XSS (1) |
|
Cody Collier – Exposing Verizon Wireless SMS History |
|
Collecting Lots of Free 'Micro-Deposits' |
|
Common localhost dns misconfiguration can lead to "same site" scripting |
|
Compromising an unreachable Solr Serve |
|
Content Smuggling |
|
Content-Disposition Hacking |
|
Converting unimplementable Cookie-based XSS to a persistent attack |
|
Cookie Eviction |
|
Cookie Path Traversal |
|
Cookiejacking |
|
Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID |
|
Covert Timing Channels based on HTTP Cache Headers |
|
Cracking hashes in the JavaScript cloud with Ravan |
|
Cracking Ruby on Rails Sessions |
|
Creating a rogue CA certificate |
|
CRIME |
|
Cross Context Scripting from within the Browser |
|
Cross Domain Basic Auth Phishing Tactics |
|
Cross domain content extraction with fake captcha |
|
Cross Domain Leakage With Image Size |
|
Cross Environment Hopping |
|
Cross Site URL Hijacking by using Error Object in Mozilla Firefox |
|
Cross-Browser Proxy Unmasking |
|
Cross-domain leaks of site logins via Authenticated CSS |
|
Cross-domain search timing |
|
Cross-protocol XSS with non-standard service ports |
|
Cross-site File Upload Attacks |
|
Cross-Site Identification (XSid) |
|
Cross-Site Port Attacks |
|
Cross-Site Printing (Printer Spamming) |
|
Cross-subdomain Cookie Attacks |
|
Crowd-sourcing mischief on Google Maps leads customers astray |
|
Cryptophp Backdoor |
|
CSRF And Ignoring Basic/Digest Auth |
|
CSRF on Novell GroupWise WebAccess |
|
CSRF token disclosure via iFRAME and CAPTCHA trickery |
|
CSRF with JSON – leveraging XHR and CORS |
|
CSRF with MS Word |
|
CSRF: Flash + 307 redirect = Game Over |
|
CSRFing the uTorrent plugin |
|
CSS :visited may be a bit overrated |
|
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning |
|
CSS history hacking with evil marketing |
|
CSS History Stealing Acts As Cookie |
|
CSS-Only Clickjacking |
|
CTA: The weaknesses in client side xss filtering targeting Chrome’s XSS Auditor |
|
CUPS Detection |
|
Cursorjacking again |
|
De-cloaking in IE7.0 Via Windows Variables |
|
Delta Boarding Pass Spoofing |
|
Detecting browsers javascript hacks |
|
Detecting Default Browser in IE |
|
Detecting FireFox Extensions |
|
Detecting IE in 12 bytes |
|
Detecting Private Browsing Mode |
|
Detecting Privoxy Users and Circumventing It |
|
Detecting States of Authentication With Protected Images |
|
Detecting users via Authenticated Redirects |
|
DHCP Script Injection |
|
Dialog Spoofing - Firefox Basic Authentication |
|
Diminutive Worm, 161 byte Web Worm |
|
DNS poisoning via Port Exhaustion |
|
DNS Rebinding for Credential Brute Force |
|
DNS Rebinding for Scraping and Spamming |
|
DNS Rebinding on Java Applets |
|
Dom Flow |
|
DOMinator – Finding DOMXSS with dynamic taint propagation |
|
DoS attacks via Abuse of Functionality vulnerabilities |
|
Double eval() for DOM based XSS |
|
Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) |
|
Drupal 7 Core SQLi |
|
eDellRoot |
|
Effects of DNS Rebinding On IE’s Trust Zones |
|
Embedding SVG That Contains XSS Using Base64 Encoding in Firefox |
|
Encoding Filter Bypass |
|
Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) |
|
Enumerate Windows Users In JS |
|
Enumerating logins via Abuse of Functionality vulnerabilities |
|
Enumerating Through User Accounts |
|
Eradicating DNS Rebinding with the Extended Same-Origin Policy |
|
Evading All Web Application filters |
|
Evading All* WAF XSS Filters |
|
Evercookie |
|
Exaggerating Timing Attack Results Via GET Flooding |
|
Excel formula injection in Google Docs |
|
Expanding the Attack Surface |
|
Expanding the control over the operating system from the database |
|
Expansions on FREAK attack |
|
Expect Header Injection Via Flash |
|
Exploitation of “Self-Only” Cross-Site Scripting in Google Code |
|
Exploiting CSRF Protected XSS |
|
Exploiting Facebook Application XSS Holes to Make API Requests |
|
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection |
|
Exploiting Logged Out XSS Vulnerabilities |
|
Exploiting Second Life |
|
Exploiting the unexploitable XSS with clickjacking |
|
Exploiting Unexploitable XSS |
|
Exploiting XSS in Ajax Web Applications |
|
Exploiting XSS vulnerabilities on cookies |
|
Exploiting XXE in File Parsing Functionality |
|
Exploiting XXE in File Upload Functionality |
|
Exponential XSS |
|
Exponential XSS Attacks |
|
Expression Language Injection |
|
F5 and Acunetix XSS disclosure |
|
Facebook hosted DDOS with notes app |
|
Facebook: Memorializing a User |
|
Father/Daughter Team Finds Valuable Facebook Bug |
|
Favorites Gone Wild |
|
File Download Injection |
|
File Name Enumeration in Rails |
|
File System API with HTML5 – Juice for XSS |
|
FileCry |
|
Filejacking: How to make a file server from your browser (with HTML5 of course) |
|
Finding Weak Rails Security Tokens |
|
Fireeye – Arbitrary reading and writing of the JVM process |
|
Firefox 2 and WebKit nightly cross-domain image theft |
|
Firefox cross-domain information theft (simple text strings, some CSV) |
|
Firefox File Handling Woes |
|
Firefox Header Redirection JavaScript Execution |
|
Firefox Popup Blocker Allows Reading Arbitrary Local Files |
|
Firefox XML injection into parse of remote XML |
|
Firefox’s JAR: Protocol issues |
|
Firefoxurl URI Handler Flaw |
|
Flash Camera and Mic Remember Function and XSS |
|
Flash clipboard Hijack |
|
Flash Cookie Object Tracking |
|
Flash Internet Explorer security model bug |
|
Flash Origin Policy Issues |
|
Flash Parameter Injection |
|
FlashFlood |
|
Flickr's API Signature Forgery Vulnerability (MD5 extension attack) |
|
Fooling B64_Encode(Payload) on WAFs and filters |
|
Forget sidejacking, clickjacking, and carjacking: enter “Formjacking” |
|
Forging HTTP request headers with Flash |
|
Formaction Scriptless attack updates |
|
Frame Injection Fun |
|
FREAK (Factoring attack on RSA-Export Keys) |
|
Free MacWorld Platinum Pass? Yes in 2008! |
|
Fun with data: URLs |
|
Generic cross-browser cross-domain theft |
|
Get Internal Network Information with Java Applets |
|
GIFAR |
|
Gmail - Google Docs Cookie Hijacking through PDF Repurposing &PDF |
|
Google Adsense CSRF hole |
|
Google Docs puts Google Users at Risk |
|
Google Dorks Strike Again |
|
Google Drive SSO Phishing |
|
Google GMail E-mail Hijack Technique |
|
Google Hacks On Your Behalf |
|
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation |
|
Google Chrome/ChromeOS sandbox side step via owning extensions |
|
Google Indexes XSS |
|
Google plugs phishing hole |
|
Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk |
|
Google Two-Factor Authentication Bypass |
|
Google Urchin password theft madness |
|
Google User De-Anonymization |
|
Google Vulnerable Code Dork |
|
Governator Hack |
|
Gravatar Email Enumeration in JavaScript |
|
Hacker scans the internet |
|
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer) |
|
Hacking CSRF Tokens using CSS History Hack |
|
Hacking Facebook with HTML5 |
|
Hacking Intranets Through Web Interfaces |
|
Hacking Intranets Via Brute Force |
|
Hacking PayPal Accounts with 1 Click |
|
Hacking RSS Feeds |
|
Hacking without 0days: Drive-by Java |
|
Hash Information Disclosure Via Collisions - The Hard Way |
|
HashDOS: Effective Denial of Service attacks against web application platforms |
|
Heartbleed |
|
Hellfire for redirectors |
|
Hidden XSS Attacking the Desktop & Mobile Platforms |
|
Hiding JS in Valid Images |
|
Hijacking Opera’s Native Page using malicious RSS payloads |
|
Hijacking Safari 4 Top Sites with Phish Bombs |
|
HikaShop Object Injection |
|
HostGator: cPanel Security Hole Exploited in Mass Hack |
|
Hostile Subdomain Takeover using Heroku/Github/Desk + more |
|
Hostile Subdomain Takeover using Heroku/Github/Desk |
|
How Facebook lacked X-Frame-Options and what I did with it |
|
How I hacked GitHub again |
|
How I hacked Instagram to see your private photos |
|
How I Hacked StackOverflow |
|
How to Conceal XSS Injection in HTML5 |
|
How to defeat digg.com |
|
How to get linked from Slashdot |
|
How to get SQL query contents from SQL injection flaw |
|
How To Own Every User On A Social Networking Site |
|
How to upload arbitrary file contents cross-domain |
|
How to upload arbitrary file contents cross-domain (2) |
|
How to use Google Analytics to DoS a client from some website. |
|
HOW TO: Spy on the Webcams of Your Website Visitors |
|
HScan Redux |
|
HTML/CSS Injections - Primitive Malicious Code |
|
HTML+TIME XSS attacks |
|
HTML5 Hard Disk Filler™ API |
|
HTML5 new XSS vectors |
|
HTML5 XSS |
|
HTTP Parameter Pollution (HPP) |
|
HTTP POST DoS |
|
HTTP Proxies Bypass Firewalls |
|
HTTP Response Splitting and Data: URI scheme in Firefox |
|
Hunting ASynchronous Vulnerabilities |
|
Hyperlink Spoofing and the Modern Web |
|
Chrome addon hacking (2, 3, 4, 5) |
|
Chrome and Safari users open to stealth HTML5 AppCache attack |
|
Chronofeit Phishing |
|
I know what your friends did last summer |
|
I know what you've got (Firefox Extensions) |
|
I know where you've been |
|
I used to know what you watched, on YouTube (CSRF + Crossdomain.xml) |
|
IE "Print Table of Links" Cross-Zone Scripting Vulnerability |
|
IE 7 and Firefox Browsers Digest Authentication Request Splitting |
|
IE Sends Local Addresses in Referer Header |
|
IE11 RCE |
|
IE6.0 Protocol Guessing |
|
IE7.0 Detector |
|
IE8 Link Spoofing - Broken Status Bar Integrity |
|
IE9 Self-XSS Blackbox Protection bypass |
|
Iframe HTTP Ping |
|
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation" |
|
IIS6/ASP & file upload for fun and profit |
|
illusoryTLS |
|
Image Names Gone Bad |
|
IMAP Vulnerable to XSS |
|
Improving HTTPS Side Channel Attacks |
|
Initiating Probes Against Servers Via Other Servers |
|
Injecting the script tag into XML |
|
Inline UTF-7 E4X javascript hijacking |
|
Inter Protocol Exploitation |
|
Internal Port Scanning via Crystal Reports |
|
Internet Archiver Port Scanner |
|
Internet Explorer 7 "mhtml:" Redirection Information Disclosure |
|
iPhone SSL Warning and Safari Phishing |
|
ISO-8859-1 Vulnerable in Firefox to Null Injection |
|
itms Decloaking |
|
James Bennett – Django DOS |
|
Java Applet Same IP Host Access |
|
Java Applet Same-Origin Policy Bypass via HTTP Redirect |
|
Java Applet DNS Rebinding |
|
Java Applets and DNS Rebinding |
|
Java Deserialization w/ Apache Commons Collections in WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS |
|
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem |
|
Java JAR Attacks and Features |
|
JavaScript Code Flow Manipulation |
|
JavaScript Global Namespace Pollution |
|
JavaScript Port Scanning |
|
JavaScript Portscanning and bypassing HTTP Auth |
|
JavaSnoop |
|
Join a Religion Via CSRF |
|
JSON Hijacking with UTF-7 |
|
JSON-based XSS exploitation |
|
Jumping out of Touch Screen Kiosks |
|
Kindle Touch (5.0) Jailbreak/Root and SSH |
|
Large Scale Detection of DOM based XSS |
|
Launch any file path from web page |
|
Linksys E420 Authentication Bypass Disclosure |
|
Local DoS on CUPS to a remote exploit via specially-crafted webpage |
|
Local DoS on CUPS to a remote exploit via specially-crafted webpage (1) |
|
LocalRodeo Detection |
|
Location based XSS attacks |
|
Login Detection without JavaScript |
|
LogJam |
|
Lost in Translation (ASP’s HomoXSSuality) |
|
Lotus Notes Formula Injection |
|
Lucky 13 Attack |
|
Magic Hashes |
|
Malformed URL in Image Tag Fingerprints Internet Explorer |
|
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user |
|
Mario Heiderich – Mutation XSS |
|
MD5 extension attack |
|
Metaverse breached: Second Life customer database hacked |
|
Microsoft ASP.NET Request Validation Bypass Vulnerability |
|
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC) |
|
Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug) |
|
Microsoft IIS with Metasploit evil.asp;.jpg |
|
Microsoft SChannel Vulnerability |
|
Million Browser Botnet Video Briefing |
|
Millions of PDF invisibly embedded with your internal disk paths |
|
Misfortune Cookie – TR-069 ACS Vulnerabilities in residential gateway routers |
|
MITM attack to overwrite addons in Firefox |
|
MitM DNS Rebinding SSL/TLS Wildcards and XSS |
|
More Port Scanning - This Time in Flash |
|
More URI Stuff… (IE’s Resource URI) |
|
MSIE Flash 0day targeting french aerospace |
|
MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency |
|
Multi-pass filters bypass |
|
Multiple Facebook Messenger CSRF’s |
|
Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java |
|
Multiviews Apache, Accept Requests and free listing |
|
MX Injection : Capturing and Exploiting Hidden Mail Servers |
|
MySQL and SQL Column Truncation Vulnerabilities |
|
MySQL Stacked Queries with SQL Injection...sort of |
|
NAT Pinning: Penetrating routers and firewalls from a web page |
|
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward) |
|
Navigation Hijacking (Frame/Tab Injection Attacks) |
|
.Net Cross Site Scripting – Request Validation Bypassing |
|
Netflix.com XSRF vuln |
|
Network Scanning with HTTP without JavaScript |
|
New Evasions for Web Application Firewalls |
|
New Methods in Automated XSS Detection: Dynamic XSS Testing Without Using Static Payloads |
|
New PHPIDS vector |
|
Next Generation Clickjacking |
|
Nikon magazine hit with security breach |
|
No Alnum JavaScript (cheat sheet, jjencode demo) |
|
NODE.JS CONNECT CSRF BYPASS ABUSING METHODOVERRIDE MIDDLEWARE |
|
Noisy Decloaking Methods |
|
Non-Alpha-Non-Digit 3 |
|
Non-Obvious (Crypto) Bugs by Example |
|
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick |
|
NTLM Relay via HTTP to internet or stealing windows user hashes while using java client |
|
NULLs in entities in Firefox |
|
One vector to rule them all |
|
OpenSSL CVE-2014-0224 |
|
Opera XSS vectors |
|
Optimizing the number of requests in blind SQL injection |
|
Our Favorite XSS Filters and how to Attack them |
|
overwriting cookies on other people’s domains in Firefox. |
|
'Padding Oracle' Crypto Attack |
|
'Padding Oracle' Crypto Attack (poet, Padbuster, demo, ASP.NET) |
|
padding oracle web attack (poet, Padbuster, demo) |
|
Paper on Hacking Intranets Using Websites (Not Web Browsers) |
|
Parasitic computing using ‘Cloud Browsers’ (2) |
|
Passing Malicious PHP Through getimagesize() |
|
Password extraction from Ajax/DOM/HTML5 routine |
|
Password mining from AWS/Parse Tokens |
|
Pawn Storm (CVE-2015-7645) |
|
Pawnstorm |
|
Paypal Manager Account Hijack |
|
PayPal Security Flaw allows Identity Theft |
|
PDF XSS Can Compromise Your Machine |
|
Penetrating Intranets through Adobe Flex Applications |
|
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers |
|
Permanent backdooring of HTML5 client-side application |
|
Permanent backdooring of HTML5 client-side application [Apture example] |
|
Persistent Cookies |
|
Persistent Cookies and DNS Rebinding Redux |
|
Persistent Cross Interface Attacks |
|
Persistent SQL Injection |
|
Phil Purviance – Don’t Use Linksys Routers |
|
PHPIDS bypass |
|
phpwn: Attack on PHP sessions and random numbers |
|
Ping pong obfuscation |
|
Pixel Perfect Timing Attacks with HTML5 |
|
Poisoning proxy caches using Java/Flash/Web Sockets |
|
Poking new holes with Flash Crossdomain Policy Files |
|
Poodle |
|
Popup & Focus URL Hijacking |
|
Port Scan without JavaScript |
|
Port Scanning with HTML5 and JS-Recon |
|
Posting raw XML cross-domain |
|
Practical Timing Attacks using Mathematical Amplification of Time Difference in == Operator |
|
Pulling system32 out over blind SQL Injection |
|
Pure Java™, Pure Evil™ Popups |
|
Pwning Opera Unite with Inferno’s Eleven |
|
Pwning via SSRF (memcached, php-fastcgi, e |
|
PXSS on long length videos to DOS |
|
Quick Proxy Detection |
|
Quicky Firefox DoS |
|
Racing to downgrade users to cookie-less authentication |
|
Random Number Security in Python |
|
Rapid history extraction through non-destructive cache timing (v8) |
|
RCE through mangled WAR upload into Tomcat App Manager using PUT-in-Gopher-over-XXE (1) |
|
Read Firefox Settings (PoC) |
|
Recursive DNS Resolver (DOS) |
|
Recursive File Include DoS |
|
Recursive Request DoS |
|
Redirector’s hell |
|
Reflected File Download |
|
Relative Path Overwrite |
|
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters) |
|
Res Timing Attack |
|
Res Timing File Enumeration Without JavaScript in IE7.0 |
|
Res:// Protocol Local File Enumeration |
|
Residential Gateway “Misfortune Cookie” |
|
Response Splitting Filter Evasion |
|
Results, Unicode Left/Right Pointing Double Angle Quotation Mark |
|
Re-visiting JAVA De-serialization: It can't get any simpler than this !! |
|
RevSlider |
|
RFC 1918 Blues |
|
RFC1918 Caching Security Issues |
|
Rosetta Flash |
|
Ruby on Rails Session Termination Design Flaw |
|
Safari Carpet Bomb |
|
Safari pwns Internet Explorer |
|
Same Origin Bypass in Adobe Reader CVE-2014-8453 |
|
Same Origin Bypassing Using Image Dimensions |
|
Same Origin Spoofing to Attack Client Certificate Sessions |
|
Scanning internal Lan with PHP remote file opening. |
|
Scraping & Spamming |
|
Selecting Encoding Methods For XSS Filter Evasion |
|
Server Side Template Injection |
|
Server-Side Template Injection: RCE for the Modern Web App |
|
Session Extending |
|
Session Fixation |
|
Session Fixation Via DNS Rebinding |
|
Session Puzzling (aka Session Variable Overloading) |
|
setTimeout Clickjacking |
|
Severe XSS in Google and Others due to the JAR protocol issues |
|
ShellShock |
|
Side Channel Attacks in SSL |
|
Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals |
|
Skype cross-zone scripting vulnerability |
|
Slideshare |
|
Slowloris HTTP DoS |
|
SMB Decloaking |
|
SMBEnum |
|
SMTP Injection via Recipient Email Address |
|
Smuggling SMTP through open HTTP proxies |
|
SNMP XSS Attack |
|
Soaksoak WordPress Malware |
|
Social Networks Evil Twin Attacks |
|
Socket Capable Browser Plugins Result In Transparent Proxy Abuse |
|
Spoofing Firefox protected objects |
|
SpyTunes: Find out what iTunes music someone else has |
|
SQL Smuggling |
|
SQLi filter evasion cheat sheet (MySQL) |
|
SSID Script Injection |
|
St. Louis Federal Reserve DNS Redirect |
|
Steal History without JavaScript |
|
Stealing Basic Auth with Persistent XSS |
|
Stealing entire Auto-Complete data in Google Chrome |
|
Stealing Mouse Clicks for Banner Fraud |
|
Stealing Pictures with Picasa |
|
Stealing Search Engine Queries with JavaScript |
|
Stealing User Information Via Automatic Form Filling |
|
Stealth Cookie Stealing (new XSS technique) |
|
Steam Browser Protocol Insecurity |
|
Stiltwalker, exploits weaknesses in the audio version of reCAPTCHA |
|
Stored XSS Vulnerability @ Amazon |
|
Stripping Referrer for fun and profit |
|
Stroke triggered XSS and StrokeJacking |
|
Strokejacking |
|
Struts 2 OGNL Double Evaluation RCE |
|
Stuffing Javascript into DNS names |
|
Superfish SSL MitM |
|
SurveyMonkey: IP Spoofing |
|
Tabnabbing: A New Type of Phishing Attack |
|
Tapjacking: owning smartphone browsers |
|
Temporal Session Race Conditions Video 2 |
|
Text-based CAPTCHA Strengths and Weaknesses |
|
The “I Know…” series. What websites know about you |
|
The Attack of the TINY URLs |
|
The Case of the Unconventional CSRF Attack in Firefox |
|
The curse of inverse strokejacking |
|
The Failure of Noise-Based Non-Continuous Audio Captchas |
|
The New Age of XXE |
|
The old is new, again. CVE-2011-2461 is back! |
|
The PayPal 2FA Bypass |
|
The Unexpected Dangers of Dynamic JavaScript |
|
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild |
|
There’s an OAK TREE in my blog!?!?! |
|
Timing Attacks on CSS Shaders |
|
Timothy Morgan – What You Didn’t Know About XML External Entity Attacks |
|
Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval |
|
Top 3 Proxy Issues That No One Ever Told You |
|
Top-Level Universal XSS |
|
Tor Hidden-Service Passive De-Cloaking |
|
Total surveillance made easy with VoIP phone |
|
Tracking users that block cookies with a HTTP redirect |
|
Tunneling TCP over HTTP over SQL Injection |
|
Tunneling tcp over http over sql-injection |
|
Turn Any Page Into A Greasemonkey Popup |
|
Turning XSS into Clickjacking |
|
TweetDeck XSS |
|
Twitter misidentifying context |
|
UI Redressing Mayhem: Firefox 0-Day And The LeakedIn Affair |
|
UI Redressing Mayhem: HTTPOnly Bypass PayPwn Style |
|
UI Redressing: Attacks and Countermeasures Revisited |
|
Unauthenticated Backup and Password Disclosure In HandsomeWeb SOS Webpages cve-2014-3445 |
|
Unauthorized TinyURL URL Enumeration Vulnerability |
|
Understanding and Managing Entropy Usage |
|
Universal XSS in Adobe’s Acrobat Reader Plugin |
|
Universal XSS in IE8 |
|
Untangling The DOM For More Easy-Juicy Bugs |
|
UPnP Hacking via Flash |
|
URL Hiding - new method of URL Spoofing attacks |
|
URL Spoofing vulnerability in bots of search engines |
|
URL Spoofing vulnerability in bots of search engines (#2) |
|
Username Enumeration Timing Attacks (Sensepost) |
|
Username Enumeration Vulnerabilities |
|
Using Blended Browser Threats involving Chrome to steal files on your computer |
|
Using Cookies For Selective DoS and State Detection |
|
Using Cross-domain images in WebGL and Chrome 13 |
|
Using CSS to De-Anonymize |
|
Using HTTP headers pollution for mobile networks attacks (2) |
|
Using POST method to bypass IE-browser protected XSS |
|
Using the HTML5 Fullscreen API for Phishing Attacks |
|
Using WordPress as a intranet and internet port scanner |
|
Using your browser URL history to estimate gender |
|
Variable Width Encoding |
|
Visitor Tracking Without Cookies (or How To Abuse HTTP 301s) |
|
Weaknesses in RC4 |
|
Web Browser History Stealing |
|
Web Browser Intranet Hacking / Port Scanning |
|
Web Mayhem: Firefox’s JAR: Protocol issues |
|
Web pages Detecting Virtualized Browsers and other tricks |
|
Web Timing Attacks Made Practical |
|
Web Worms |
|
Who Are You? A Statistical Approach to Protecting LinkedIn Logins (CSS UI Redressing Issue) |
|
Widespread XSS for Google Search Appliance |
|
Will it Blend? |
|
Winning the Online Banking War |
|
WordPress Core RCE |
|
Xanga Hit By Script Worm |
|
X-Frame-Options (XFO) Detection from Javascript |
|
XML Intranet Port Scanning |
|
XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+ |
|
XSHM Mark 2 |
|
XSS Fragmentation Attacks |
|
XSS in Skype for iOS |
|
XSS Relocation Attacks through Word Hyperlinking |
|
XSS Vulnerabilities in Common Shockwave Flash Files |
|
XSS: Gaining access to HttpOnly Cookie in 2012 |
|
XSSing client-side dynamic HTML includes by hiding HTML inside images and more |
|
XSS-Track as a HTML5 WebSockets traffic sniffer |
|
XSS-Track: How to quietly track a whole website through single XSS |
|
Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency |
|
Yes, you can have fun with downloads |
|
Zach Cutlip – Remote Code Execution in Netgear routers |