Top Ten Web Hacking Techniques of 2011

最新推荐文章于 2021-11-10 17:04:21 发布
最新推荐文章于 2021-11-10 17:04:21 发布
阅读量1.1k 收藏
点赞数
文章标签: web overloading redirect security struts applet
 

https://blog.whitehatsec.com/vote-now-top-ten-web-hacking-techniques-of-2011/

Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work.

 

The Top Ten

  1. BEAST (by: Thai Duong and Juliano Rizzo)
  2. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java (by: Johannes Dahse)
  3. DNS poisoning via Port Exhaustion (by: Roee Hay and Yair Amit)
  4. DOMinator – Finding DOMXSS with dynamic taint propagation (by: Stefano Di Paola)
  5. Abusing Flash-Proxies for client-side cross-domain HTTP requests (by: Martin Johns and Sebastian Lekies)
  6. Expression Language Injection (by: Stefano Di Paola and Arshan Dabirsiaghi)
  7. Java Applet Same-Origin Policy Bypass via HTTP Redirect (by: Neal Poole)
  8. CAPTCHA Hax With TesserCap (by: Gursev Kalra)
  9. Bypassing Chrome’s Anti-XSS filter (by: Nick Nikiforakis)
  10. CSRF: Flash + 307 redirect = Game Over (by: Phillip Purviance)

How the winners were selected…

 

Phase 1: Open community voting (Ballot) [COMPLETE]

From of the field of 51 total entries received listed below, each voter (open to everyone) ranks their fifteen favorite Web Hacking Techniques using a survey. Each entry (listed alphabetically) get a certain amount of points depending on how highly they are individually ranked in each ballot. For example, an each entry in position #1 will be given 15 points, position #2 will get 14 point, position #3 gets 13 points, and so on down to 1 point. At the end all points from all ballots will be tabulated to ascertain the top fifteen overall. And NO selecting the same attack multiple times! :) (they’ll be deleted)

Voting will close at the end of the day this Monday, February 20.

[CLOSED] The more people who vote, the better the results! Vote Now!

 

Phase 2: Panel of Security Experts [COMPLETE]

From the result of the open community voting, the top fifteen Web Hacking Techniques will be voted upon by panel of security experts (to be announced soon). Using the exact same voting process as phase 1, the judges will rank the final fifteen based of novelty, impact, and overall pervasiveness. Once tabulation is completed, we’ll have the Top Ten Web Hacking Techniques of 2011!

Voting will close at the end of the day on Sunday, February 26.

Soon after the winners will be announced!

Good luck everyone

 

The Final 15:

Hundreds of votes were cast during the open vote — a great turn out. Thank you everyone for taking the time! 44% of the respondents were self-described “Breakers,” follow by 22% “Defenders,” 16% “Builders,” and 17% did not specify. There was a very smooth distribution of points totals across the range of entries. Clearly everyone had their favorites. Of course we saw a lot of ballot stuffing action, which required a substantive amount of clean-up, but when ranking a Web hacking techniques’ its kind of what you expect :) This is exactly why we have a final 15 process first, so the top ten outcome isn’t negatively affected. Any entries that obviously don’t belong in the top ten are easily eliminated during the “Panel of Security Experts” phase. Now it’s the judges turn to have their say!

  1. Abusing Flash-Proxies for client-side cross-domain HTTP requests
  2. Abusing HTTP Status Codes to Expose Private Information
  3. Autocomplete..again?!
  4. BEAST
  5. Bypassing Chrome’s Anti-XSS filter
  6. CAPTCHA Hax With TesserCap
  7. Cookiejacking
  8. CSRF: Flash + 307 redirect = Game Over
  9. DNS poisoning via Port Exhaustion
  10. DOMinator – Finding DOMXSS with dynamic taint propagation
  11. Expression Language Injection
  12. Java Applet Same-Origin Policy Bypass via HTTP Redirect
  13. JSON-based XSS exploitation
  14. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
  15. Session Puzzling (aka Session Variable Overloading)

The Big List:

  1. Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]
  2. Abusing HTTP Status Codes to Expose Private Information
  3. Autocomplete..again?!
  4. BEAST
  5. Bypassing Chrome’s Anti-XSS filter
  6. Bypassing Flash’s local-with-filesystem Sandbox
  7. CAPTCHA Hax With TesserCap
  8. CSRF with JSON – leveraging XHR and CORS
  9. CSRF: Flash + 307 redirect = Game Over
  10. Close encounters of the third kind (client-side JavaScript vulnerabilities)
  11. Cookiejacking
  12. Cross domain content extraction with fake captcha
  13. Crowd-sourcing mischief on Google Maps leads customers astray
  14. DNS poisoning via Port Exhaustion
  15. DOMinator – Finding DOMXSS with dynamic taint propagation
  16. Double eval() for DOM based XSS
  17. Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
  18. Excel formula injection in Google Docs
  19. Exploitation of “Self-Only” Cross-Site Scripting in Google Code
  20. Exploiting the unexploitable XSS with clickjacking
  21. Expression Language Injection
  22. Facebook: Memorializing a User
  23. Filejacking: How to make a file server from your browser (with HTML5 of course)
  24. Google Chrome/ChromeOS sandbox side step via owning extensions
  25. HOW TO: Spy on the Webcams of Your Website Visitors
  26. Hidden XSS Attacking the Desktop & Mobile Platforms
  27. How To Own Every User On A Social Networking Site
  28. How to get SQL query contents from SQL injection flaw
  29. How to upload arbitrary file contents cross-domain (2)
  30. JSON-based XSS exploitation
  31. Java Applet Same-Origin Policy Bypass via HTTP Redirect
  32. Kindle Touch (5.0) Jailbreak/Root and SSH
  33. Launch any file path from web page
  34. Lotus Notes Formula Injection
  35. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
  36. NULLs in entities in Firefox
  37. Rapid history extraction through non-destructive cache timing (v8)
  38. Session Puzzling (aka Session Variable Overloading) Video 1234
  39. SpyTunes: Find out what iTunes music someone else has
  40. Stealth Cookie Stealing (new XSS technique)
  41. Stripping Referrer for fun and profit
  42. SurveyMonkey: IP Spoofing
  43. Temporal Session Race Conditions Video 2
  44. Text-based CAPTCHA Strengths and Weaknesses
  45. The Failure of Noise-Based Non-Continuous Audio Captchas
  46. Timing Attacks on CSS Shaders
  47. Tracking users that block cookies with a HTTP redirect
  48. Using Cross-domain images in WebGL and Chrome 13
  49. XSS in Skype for iOS
  50. XSS-Track as a HTML5 WebSockets traffic sniffer
  51. HashDOS: Effective Denial of Service attacks against web application platforms
cnbird2008
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
The Basics of Web Hacking_ Tools and Techniques to Attack the Web.epub
06-25
The Basics of Web Hacking_ Tools and Techniques to Attack the Web-Syngress (2013).epub
“黑客”入门学习之“Cookie技术详解”
Python栈_基的博客
03-01 974
"重放攻击"大家应该听说过吧?重放攻击时黑客常用的攻击方式之一,攻击者发送一个目的主机已接收过的包,来达到欺骗系统的目的,主要用于身份认证过程,破坏认证的正确性。这种攻击会不断恶意或欺诈性地重复一个有效的数据传输,重放攻击可以由发起者,也可以由拦截并重发该数据的敌方进行。攻击者利用网络监听或者其他方式盗取认证凭据,之后再把它重新发给认证服务器。重放攻击监听http数据传输的截获的敏感数据大多数就是存放在Cookie中的数据。在web安全中的通过其他方式(非网络监听)盗取Cookie与提交Cookie也是一种
利用 cookie 篡改来攻击 Web 应用程序
coolsun0922的博客
04-14 496
这篇文章阐述了为什么会话管理和会话管理安全性都是复杂的工作,这就是为什么它们经常会留给商业产品来处理。这篇文章描述这两个商业应用程序引擎的语言符号是怎样产生的。作者分析了每个机制的能力,阐述了它的弱势,还论证了这样的弱势怎样才能...
关于DOM型XSS漏洞的学习笔记
热门推荐
Mi1k7ea
03-05 4万+
DOM,全称Document Object Model,是一个平台和语言都中立的接口,可以使程序和脚本能够动态访问和更新文档的内容、结构以及样式。 DOM型XSS其实是一种特殊类型的反射型XSS,它是基于DOM文档对象模型的一种漏洞。 在网站页面中有许多页面的元素,当页面到达浏览器时浏览器会为页面创建一个顶级的Document object文档对象,接着生成各个子文档对象,每个页面元素对应一个
IBM Rational AppScan:利用 cookie 篡改来攻击 Web 应用程序
IBM技术期刊
11-06 1178
这篇文章阐述了为什么会话管理和会话管理安全性都是复杂的工作,这就是为什么它们经常会留给商业产品来处理。这篇文章描述这两个商业应用程序引擎的语言符号是怎样产生的。作者分析了每个机制的能力,阐述了它的弱势,还论证了这样的弱势怎样才能被利用,从而执行模拟和私人违规攻击。他还讨论了攻击性的可行性。最后,他提出一种将安全性从功能中分开的会话管理的方法,并且后者由应用程序引擎实施,但是前者是由一个专门的应用程
2014全国四级网络工程师详细归纳
某熊的技术之路
12-10 4100
第一章:网络系统统结构与设计的基本原则 (1)计算机网络按地理范围划分为局域网,城域网,广域网。 (2)局域网提供高数据传输速率 10mbps-10gbps,低误码率的高质量传输环境。局域网按介质访问控制方法角度分为共享介质式局域网和交换式局域网。局域网按传输介质类型角度分为有线介质局域网和无线介质。局域网早期的计算机网络主要是广域网,分为主计算机与终端(负责数据处理)和通信处理设备与通信电路
Web Hacking 101 中文版
10-05
Web Hacking 101 中文版 (ePub格式) 原书:Hack, Learn, Earn, with a Free E-Book ---------------------------------------------------- 本 ePub 基于开源文档,目录书签齐全。 版权归原作者,翻译版权归译者。...
Web Hacking 101
03-09
Web Hacking 101
Syngress - The Basics of Web Hacking - Tools and Techniques to Attack the Web
03-15
Syngress - The Basics of Web Hacking - Tools and Techniques to Attack the Web 这份文档是应该算是入门节安全性测试
Hacking_Oracle_From_Web_2.zip_WEB HACKING_oracle
09-20
hacking Oracle database from Web
漏洞挖掘——实验11 侧信道攻击+TCP/IP实验
一半西瓜的博客
04-17 5362
题目 Lab 侧信道攻击 + TCP/IP实验 Pre 1、用IE访问某些网站的时候,输入javascript:alert(document.cookie)会有什么反应,解释原因。 2、阅读下面两篇文章或者阅读一本书<<JavaScript DOM编程艺术>>: Javascript Tutorial https://www.evl.uic.edu/luc/bv...
JAVA安全编码规范
Websec
11-10 7181
Java安全编码规范-1.0.6 by k4n5ha0 Java安全编码规范-1.0.6 by k4n5ha0 编写依据与参考文件: 1.《信息安全技术 应用软件安全编程指南》(国标 GBT38674-2020) 2.《Common Weakness Enumeration》 - 国际通用计算机软件缺陷字典 3.《OWASP Top 10 2017》 - 2017年十大Web 应用程序安全风险 4.《fortify - 代码审计规则》
Web缓存中毒(web cache poisoning)学习笔记
汗的博客
05-05 4229
笔者burpsuite的在线安全学院的ssti学习笔记。限于本人水平,笔记质量不是很高,假如有看到的大佬轻喷,很多地方是Google翻译的。 首先推荐篇翻译的文章,方便理解 #先知社区上师傅翻译的:实战Web缓存中毒 https://xz.aliyun.com/t/2585#toc-21 #原文 https://portswigger.net/blog/practical-web-cache-po...
Cookies欺骗分析与防护
11-12 158
今天来谈谈cookies欺骗是怎么回事以及如何避免。   用户在登录之后通常会保存用户信息,以便在其他需要权限的页面去验证用户信息是否具有访问权限。   有同学说我在登录的时候已经很注意SQL注入问题了,还有什么不安全的地方么?   当然有!这个要首先谈一个问题,那就是用户身份验证的流程 如下图:      http://www.xnnews.com.cn/yst/zyys
springboot(酒店管理系统)
04-25
开发语言:Java JDK版本:JDK1.8(或11) 服务器:tomcat 数据库:mysql 5.6/5.7(或8.0) 数据库工具:Navicat 开发软件:idea 依赖管理包:Maven 代码+数据库保证完整可用,可提供远程调试并指导运行服务(额外付费)~ 如果对系统的中的某些部分感到不合适可提供修改服务,比如题目、界面、功能等等... 声明: 1.项目已经调试过,完美运行 2.需要远程帮忙部署项目,需要额外付费 3.本项目有演示视频,如果需要观看,请联系我 4.调试过程中可帮忙安装IDEA,eclipse,MySQL,JDK,Tomcat等软件 重点: 需要其他Java源码联系我,更多源码任你选,你想要的源码我都有! 需要加v19306446185
BP神经网络matlab实例.doc
最新发布
04-25
数学模型算法
设计.zip
04-25
设计.zip
基于 Spring Cloud 组件构建的分布式服务架构
04-25
Java SSM项目是一种使用Java语言和SSM框架(Spring + Spring MVC + MyBatis)开发的Web应用程序。SSM是一种常用的Java开发框架组合,它结合了Spring框架、Spring MVC框架和MyBatis框架的优点,能够快速构建可靠、高效的企业级应用。 1. Spring框架:Spring是一个轻量级的Java开发框架,提供了丰富的功能和模块,用于开发企业级应用。它包括IoC(Inverse of Control,控制反转)容器、AOP(Aspect-Oriented Programming,面向切面编程)等特性,可以简化开发过程、提高代码的可维护性和可测试性。 2. Spring MVC框架:Spring MVC是基于Spring框架的Web框架,用于开发Web应用程序。它采用MVC(Model-View-Controller,模型-视图-控制器)的架构模式,将应用程序分为模型层、视图层和控制器层,提供了处理请求、渲染视图和管理流程的功能。 3. MyBatis框架:MyBatis是一个持久层框架,用于与数据库进行交互。它提供了一种将数据库操作与Java对象映射起来的方式,避免了手动编写繁琐的SQL语句,并提供了事务管理和缓存等功能,简化了数据库访问的过程
【微信小程序毕业设计】书店系统开发项目(源码+演示视频+说明).rar
04-25
【微信小程序毕业设计】书店系统开发项目(源码+演示视频+说明).rar 【项目技术】 微信小程序开发工具+java后端+mysql 【演示视频-编号:246】 https://pan.quark.cn/s/cb634e7c02b5 【实现功能】 用户信息管理,图书信息管理,图书类型管理,图书留言管理,论坛信息管理等
car hacking dataset介绍
07-25
car hacking dataset是指用于研究和分析汽车网络安全的数据集。随着汽车技术的发展,车辆越来越多地依赖于计算机系统和网络连接来提供各种功能和服务。然而,与之相应的风险也不可忽视,例如黑客攻击可能导致汽车...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值