Summary of the articles nominated for the 2011 Top Ten Web Hacking Techniques vote

The articles nominated for the 2011 Top Ten Web Hacking Techniques vote are listed below (each title links to the original article):
  • Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]
  • Abusing HTTP Status Codes to Expose Private Information
  • Autocomplete..again?!
  • BEAST
  • Bypassing Chrome’s Anti-XSS filter
  • Bypassing Flash’s local-with-filesystem Sandbox
  • CAPTCHA Hax With TesserCap
  • CSRF with JSON – leveraging XHR and CORS
  • CSRF: Flash + 307 redirect = Game Over
  • Close encounters of the third kind (client-side JavaScript vulnerabilities)
  • Cookiejacking
  • Cross domain content extraction with fake captcha
  • Crowd-sourcing mischief on Google Maps leads customers astray
  • DNS poisoning via Port Exhaustion
  • DOMinator – Finding DOMXSS with dynamic taint propagation
  • Double eval() for DOM based XSS
  • Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
  • Excel formula injection in Google Docs
  • Exploitation of “Self-Only” Cross-Site Scripting in Google Code
  • Exploiting the unexploitable XSS with clickjacking
  • Expression Language Injection
  • Facebook: Memorializing a User
  • Filejacking: How to make a file server from your browser (with HTML5 of course)
  • Google Chrome/ChromeOS sandbox side step via owning extensions
  • HOW TO: Spy on the Webcams of Your Website Visitors
  • Hidden XSS Attacking the Desktop & Mobile Platforms
  • How To Own Every User On A Social Networking Site
  • How to get SQL query contents from SQL injection flaw
  • How to upload arbitrary file contents cross-domain (2)
  • JSON-based XSS exploitation
  • Java Applet Same-Origin Policy Bypass via HTTP Redirect
  • Kindle Touch (5.0) Jailbreak/Root and SSH
  • Launch any file path from web page
  • Lotus Notes Formula Injection
  • Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
  • NULLs in entities in Firefox
  • Rapid history extraction through non-destructive cache timing (v8)
  • Session Puzzling (aka Session Variable Overloading) Video 1, 2, 3, 4
  • SpyTunes: Find out what iTunes music someone else has
  • Stealth Cookie Stealing (new XSS technique)
  • Stripping Referrer for fun and profit
  • SurveyMonkey: IP Spoofing
  • Temporal Session Race Conditions Video 2
  • Text-based CAPTCHA Strengths and Weaknesses
  • The Failure of Noise-Based Non-Continuous Audio Captchas
  • Timing Attacks on CSS Shaders
  • Tracking users that block cookies with a HTTP redirect
  • Using Cross-domain images in WebGL and Chrome 13
  • XSS in Skype for iOS
  • XSS-Track as a HTML5 WebSockets traffic sniffer
  • HashDOS: Effective Denial of Service attacks against web application platforms
