List of Web Hacking Techniques

iPhone SSL Warning and Safari Phishing

RFC 1918 Blues

Slowloris HTTP DoS

CSRF And Ignoring Basic/Digest Auth

Hash Information Disclosure Via Collisions - The Hard Way

Socket Capable Browser Plugins Result In Transparent Proxy Abuse

XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+

Session Fixation Via DNS Rebinding

Quicky Firefox DoS

DNS Rebinding for Credential Brute Force

SMBEnum

DNS Rebinding for Scraping and Spamming

SMB Decloaking

De-cloaking in IE7.0 Via Windows Variables

itms Decloaking

Flash Origin Policy Issues

Cross-subdomain Cookie Attacks

HTTP Parameter Pollution (HPP)

How to use Google Analytics to DoS a client from some website.

Our Favorite XSS Filters and how to Attack them

Location based XSS attacks

PHPIDS bypass

I know what your friends did last summer

Detecting IE in 12 bytes

Detecting browsers javascript hacks

Inline UTF-7 E4X javascript hijacking

HTML5 XSS

Opera XSS vectors

New PHPIDS vector

Bypassing CSP for fun, no profit

Twitter misidentifying context

Ping pong obfuscation

HTML5 new XSS vectors

About CSS Attacks

Web pages Detecting Virtualized Browsers and other tricks

Results, Unicode Left/Right Pointing Double Angel Quotation Mark

Detecting Private Browsing Mode

Cross-domain search timing

Bonus Safari XXE (only affecting Safari 4 Beta)

Apple's Safari 4 also fixes cross-domain XML theft

Apple's Safari 4 fixes local file theft attack

A more plausible E4X attack

A brief description of how to become a CA

Creating a rogue CA certificate

Browser scheme/slash quirks

Cross-protocol XSS with non-standard service ports

Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”

MD5 extension attack

Attack - PDF Silent HTTP Form Repurposing Attacks

XSS Relocation Attacks through Word Hyperlinking

Hacking CSRF Tokens using CSS History Hack

Hijacking Opera’s Native Page using malicious RSS payloads

Millions of PDF invisibly embedded with your internal disk paths

Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection

Pwning Opera Unite with Inferno’s Eleven

Using Blended Browser Threats involving Chrome to steal files on your computer

Bypassing OWASP ESAPI XSS Protection inside Javascript

Hijacking Safari 4 Top Sites with Phish Bombs

Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency

Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF

IE8 Link Spoofing - Broken Status Bar Integrity

Blind SQL Injection: Inference thourgh Underflow exception

Exploiting Unexploitable XSS

Clickjacking & OAuth

Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk

Active Man in the Middle Attacks

Cross-Site Identification (XSid)

Microsoft IIS with Metasploit evil.asp;.jpg

MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency

Generic cross-browser cross-domain theft

Popup & Focus URL Hijacking

Advanced SQL injection to operating system full control (whitepaper)

Expanding the control over the operating system from the database

HTML+TIME XSS attacks

Enumerating logins via Abuse of Functionality vulnerabilities

Hellfire for redirectors

DoS attacks via Abuse of Functionality vulnerabilities

URL Spoofing vulnerability in bots of search engines (#2)

URL Hiding - new method of URL Spoofing attacks

Exploiting Facebook Application XSS Holes to Make API Requests

Unauthorized TinyURL URL Enumeration Vulnerability

Stop Using Internet Explorer

In a statement issued last 4 days (January 16, 2010), the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

If you missed it, McAffee released on January 15, 2010: a report outlining details of the cyber assault on Google and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to the vulnerability.

According to the statement from BSI, even running Internet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially Firefox. This incident won’t help.

The full statement, translated via Google, is below:

---

Translated Statement from Germany

---

“In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.Affected are the versions 6, 7 to 8 Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in ‘protected mode’ as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.”

Source : ERM Blog