Top 50 Web Hacking Techniques



This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them.

"Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work."

Current 2011 List
  1. Bypassing Flash’s local-with-filesystem Sandbox
  2. Abusing HTTP Status Codes to Expose Private Information
  3. SpyTunes: Find out what iTunes music someone else has
  4. CSRF: Flash + 307 redirect = Game Over
  5. Close encounters of the third kind (client-side JavaScript vulnerabilities)
  6. Tracking users that block cookies with a HTTP redirect
  7. The Failure of Noise-Based Non-Continuous Audio Captchas
  8. Kindle Touch (5.0) Jailbreak/Root and SSH
  9. NULLs in entities in Firefox
  10. Timing Attacks on CSS Shaders
  11. CSRF with JSON – leveraging XHR and CORS
  12. Double eval() for DOM based XSS
  13. Hidden XSS Attacking the Desktop & Mobile Platforms
  14. Rapid history extraction through non-destructive cache timing (v8)
  15. Lotus Notes Formula Injection
  16. Stripping Referrer for fun and profit
  17. How to upload arbitrary file contents cross-domain (2)
  18. Exploiting the unexploitable XSS with clickjacking
  19. How to get SQL query contents from SQL injection flaw
  20. XSS-Track as a HTML5 WebSockets traffic sniffer
  21. Cross domain content extraction with fake captcha
  22. Autocomplete..again?!
  23. JSON-based XSS exploitation
  24. DNS poisoning via Port Exhaustion
  25. Java Applet Same-Origin Policy Bypass via HTTP Redirect
  26. HOW TO: Spy on the Webcams of Your Website Visitors
  27. Launch any file path from web page
  28. Crowd-sourcing mischief on Google Maps leads customers astray
  29. BEAST
  30. Bypassing Chrome’s Anti-XSS filter
  31. XSS in Skype for iOS
  32. Cookiejacking
  33. Stealth Cookie Stealing (new XSS technique)
  34. SurveyMonkey: IP Spoofing
  35. Using Cross-domain images in WebGL and Chrome 13
  36. Filejacking: How to make a file server from your browser (with HTML5 of course)
  37. Exploitation of “Self-Only” Cross-Site Scripting in Google Code
  38. Expression Language Injection
  39. (DOMinator) Finding DOMXSS with dynamic taint propagation
  40. Facebook: Memorializing a User
  41. How To Own Every User On A Social Networking Site
  42. Text-based CAPTCHA Strengths and Weaknesses
  43. Session Puzzling (aka Session Variable Overloading) Video 1, 2, 3, 4
  44. Temporal Session Race Conditions Video 2
  45. Google Chrome/ChromeOS sandbox side step via owning extensions
  46. Excel formula injection in Google Docs
  47. Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
  48. CAPTCHA Hax With TesserCap
  49. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
  50. Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]

Previous Winners
2010 - 'Padding Oracle' Crypto Attack
2009 - Creating a rogue CA certificate
2008 - GIFAR
2007 - XSS Vulnerabilities in Common Shockwave Flash Files
2006 - Web Browser Intranet Hacking / Port Scanning

Comments

Post a Comment

Popular posts from this blog

PHP / SQL Security – The Big Picture

Web Security Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security matters. After the hard work put in to make your site look good and respond to your users, the last thing you want is for a malicious hacker to come along, perform a PHP hack and break it somehow. There are a number of problems in web security, and unfortunately not all of them have definite solutions, but here we'll look at some of the problems that should be considered every time you set out to write a PHP script to avoid a PHP hack attack. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, lets take a moment to define the problems themselves. SQL Injection In this attack, a user is able to execute SQL queries in your website's database. This attack is u
Read more

PHP / SQL Security – SQL Commands and Non-String Variables

SQL Injection SQL (Structured Query Language) is the language used to interface with many database systems, including MySQL, PostgreSQL and MSSQL. Certain words and characters are interpreted specially by SQL, as commands, separators, or command terminators, for instance. When a user enters data into a form, there is nothing stopping them entering these special commands and characters. Consider the PHP code below: $query = “INSERT INTO orders(address) VALUES('$_GET['address']')”; $result = mysql_query($query); A form with a textbox named address would be used to gather the information for this page. We'll ignore any other form elements for now, but obviously there'd be the order items, a name, possibly a price, a delivery date, and so on, which would also all need storing in a database. Imagine a perfectly legitimate user comes along and enters the following address 14 King's Way Kingston Kingham County The database would spit back an error b
Read more