四年300个攻击技术总结（2006-2009）

(2006:1-65 | 2007:66-148 | 2008:149-218 | 2009:219-300) 300种思路，300个变通思维。部分文章需看。
1.The Attack of the TINY URLs
2.Backdooring MP3 Files
3.Backdooring QuickTime Movies
4.CSS history hacking with evil marketing
5.I know where you've been
6.Stealing Search Engine Queries with JavaScript
7.Hacking RSS Feeds
8.MX Injection : Capturing and Exploiting Hidden Mail Servers
9.Blind web server fingerprinting
10.JavaScript Port Scanning
11.CSRF with MS Word
12.Backdooring PDF Files
13.Exponential XSS Attacks
14.Malformed URL in Image Tag Fingerprints Internet Explorer
15.JavaScript Portscanning and bypassing HTTP Auth
16.Bruteforcing HTTP Auth in Firefox with JavaScript
17.Bypassing Mozilla Port Blocking
18.How to defeat digg.com
19.A story that diggs itself
20.Expect Header Injection Via Flash
21.Forging HTTP request headers with Flash
22.Cross Domain Leakage With Image Size
23.Enumerating Through User Accounts
24.Widespread XSS for Google Search Appliance
25.Detecting States of Authentication With Protected Images
26.XSS Fragmentation Attacks
27.Poking new holes with Flash Crossdomain Policy Files
28.Google Indexes XSS
29.XML Intranet Port Scanning
30.IMAP Vulnerable to XSS
31.Detecting Privoxy Users and Circumventing It
32.Using CSS to De-Anonymize
33.Response Splitting Filter Evasion
34.CSS History Stealing Acts As Cookie
35.Detecting FireFox Extentions
36.Stealing User Information Via Automatic Form Filling
37.Circumventing DNS Pinning for XSS
38.Netflix.com XSRF vuln
39.Browser Port Scanning without JavaScript
40.Widespread XSS for Google Search Appliance
41.Bypassing Filters With Encoding
42.Variable Width Encoding
43.Network Scanning with HTTP without JavaScript
44.AT&T Hack Highlights Web Site Vulnerabilities
45.How to get linked from Slashdot
46.F5 and Acunetix XSS disclosure
47.Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning
48.Google plugs phishing hole
49.Nikon magazine hit with security breach
50.Governator Hack
51.Metaverse breached: Second Life customer database hacked
52.HostGator: cPanel Security Hole Exploited in Mass Hack
53.Firefox Extensions
54.ABC News (AU) XSS linking the reporter to Al Qaeda
55.Account Hijackings Force LiveJournal Changes
56.Xanga Hit By Script Worm
57.Advanced Web Attack Techniques using GMail
58.PayPal Security Flaw allows Identity Theft
59.Internet Explorer 7 "mhtml:" Redirection Information Disclosure
60.Bypassing of web filters by using ASCII
61.Selecting Encoding Methods For XSS Filter Evasion
62.Adultspace XSS Worm
63.Anonymizing RFI Attacks Through Google
64.Google Hacks On Your Behalf
65.Google Dorks Strike Again
66.Cross-Site Printing
67.Stealing Pictures with Picasa
68.HScan Redux
69.ISO-8895-1 Vulnerable in Firefox to Null Injection
70.MITM attack to overwrite addons in Firefox
71.Microsoft ASP.NET Request Validation Bypass Vulnerability
72.Non-Alpha-Non-Digit 3
73.Steal History without JavaScript
74.Pure Java??, Pure Evil?? Popups
75.Google Adsense CSRF hole
76.There’s an OAK TREE in my blog!?!?!
77.BK for Mayor of Oak Tree View
78.Google Docs puts Google Users at Risk
79.All Your Google Docs are Belong To US…
80.Java Applets and DNS Rebinding
81.Scanning internal Lan with PHP remote file opening.
82.Firefox File Handling Woes
83.Firefoxurl URI Handler Flaw
84.Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
85.Multiviews Apache, Accept Requests and free listing
86.Optimizing the number of requests in blind SQL injection
87.Bursting Performances in Blind SQL Injection - Take 2
88.Port Scan without JavaScript
89.Favorites Gone Wild
90.Cross-Browser Proxy Unmasking
91.Spoofing Firefox protected objects
92.Injecting the script tag into XML
93.Login Detection without JavaScript
94.Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
95.Username Enumeration Timing Attacks
96.Google GMail E-mail Hijack Technique
97.Recursive Request DoS
98.Exaggerating Timing Attack Results Via GET Flooding
99.Initiating Probes Against Servers Via Other Servers
100.Effects of DNS Rebinding On IE’s Trust Zones
101.Paper on Hacking Intranets Using Websites
102.More Port Scanning - This Time in Flash
103.HTTP Response Splitting and Data: URI scheme in Firefox
104.Res:// Protocol Local File Enumeration
105.Res Timing Attack
106.IE6.0 Protocol Guessing
107.IE 7 and Firefox Browsers Digest Authentication Request Splitting
108.Hacking Intranets Via Brute Force
109.Hiding JS in Valid Images
110.Internet Archiver Port Scanner
111.Noisy Decloaking Methods
112.Code Execution Through Filenames in Uploads
113.Cross Domain Basic Auth Phishing Tactics
114.Additional Image Bypass on Windows
115.Detecting users via Authenticated Redirects
116.Passing Malicious PHP Through getimagesize()
117.Turn Any Page Into A Greasemonkey Popup
118.Enumerate Windows Users In JS
119.Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
120.Iframe HTTP Ping
121.Read Firefox Settings (PoC)
122.Stealing Mouse Clicks for Banner Fraud
123.(Non-Persistent) Untraceable XSS Attacks
124.Inter Protocol Exploitation
125.Detecting Default Browser in IE
126.Bypass port blocking in Firefox, Opera and Konqueror.
127.LocalRodeo Detection
128.Image Names Gone Bad
129.IE Sends Local Addresses in Referer Header
130.PDF XSS Can Compromise Your Machine
131.Universal XSS in Adobe’s Acrobat Reader Plugin
132.Firefox Popup Blocker Allows Reading Arbitrary Local Files
133.IE7.0 Detector
134.overwriting cookies on other people’s domains in Firefox.
135.Embeding SVG That Contains XSS Using Base64 Encoding in Firefox
136.Firefox Header Redirection JavaScript Execution
137.More URI Stuff…
138.Hacking without 0days: Drive-by Java
139.Google Urchin password theft madness
140.Username Enumeration Vulnerabilities
141.Client-side SQL Injection Attacks
142.Content-Disposition Hacking
143.Flash Cookie Object Tracking
144.Java JAR Attacks and Features
145.Severe XSS in Google and Others due to the JAR protocol issues
146.Web Mayhem: Firefox’s JAR: Protocol issues
147.0DAY: QuickTime pwns Firefox
148.Exploiting Second Life
149.CUPS Detection
150.CSRFing the uTorrent plugin
151.Clickjacking / Videojacking
152.Bypassing URL Authentication and Authorization with HTTP Verb Tampering
153.I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
154.Safari Carpet Bomb
155.Flash clipboard Hijack
156.Flash Internet Explorer security model bug
157.Frame Injection Fun
158.Free MacWorld Platinum Pass? Yes in 2008!
159.Diminutive Worm, 161 byte Web Worm
160.SNMP XSS Attack (1)
161.Res Timing File Enumeration Without JavaScript in IE7.0
162.Stealing Basic Auth with Persistent XSS
163.Smuggling SMTP through open HTTP proxies
164.Collecting Lots of Free 'Micro-Deposits'
165.Using your browser URL history to estimate gender
166.Cross-site File Upload Attacks
167.Same Origin Bypassing Using Image Dimensions
168.HTTP Proxies Bypass Firewalls
169.Join a Religion Via CSRF
170.Cross-domain leaks of site logins via Authenticated CSS
171.JavaScript Global Namespace Pollution
172.GIFAR
173.HTML/CSS Injections - Primitive Malicious Code
174.Hacking Intranets Through Web Interfaces
175.Cookie Path Traversal
176.Racing to downgrade users to cookie-less authentication
177.MySQL and SQL Column Truncation Vulnerabilities
178.Building Subversive File Sharing With Client Side Applications
179.Firefox XML injection into parse of remote XML
180.Firefox cross-domain information theft
181.Firefox 2 and WebKit nightly cross-domain image theft
182.Browser's Ghost Busters
183.Exploiting XSS vulnerabilities on cookies
184.Breaking Google Gears' Cross-Origin Communication Model
185.Flash Parameter Injection
186.Cross Environment Hopping
187.Exploiting Logged Out XSS Vulnerabilities
188.Exploiting CSRF Protected XSS
189.ActiveX Repurposing, (1, 2)
190.Tunneling tcp over http over sql-injection
191.Arbitrary TCP over uploaded pages
192.Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
193.JavaScript Code Flow Manipulation
194.Common localhost dns misconfiguration can lead to "same site" scripting
195.Pulling system32 out over blind SQL Injection
196.Dialog Spoofing - Firefox Basic Authentication
197.Skype cross-zone scripting vulnerability
198.Safari pwns Internet Explorer
199.IE "Print Table of Links" Cross-Zone Scripting Vulnerability
200.A different Opera
201.Abusing HTML 5 Structured Client-side Storage
202.SSID Script Injection
203.DHCP Script Injection
204.File Download Injection
205.Navigation Hijacking (Frame/Tab Injection Attacks)
206.UPnP Hacking via Flash
207.Total surveillance made easy with VoIP phone
208.Social Networks Evil Twin Attacks
209.Recursive File Include DoS
210.Multi-pass filters bypass
211.Session Extending
212.Code Execution via XSS (1)
213.Redirector’s hell
214.Persistent SQL Injection
215.JSON Hijacking with UTF-7
216.SQL Smuggling
217.Abusing PHP Sockets (1, 2)
218.CSRF on Novell GroupWise WebAccess
219.Persistent Cookies and DNS Rebinding Redux
220.iPhone SSL Warning and Safari Phishing
221.RFC 1918 Blues
222.Slowloris HTTP DoS
223.CSRF And Ignoring Basic/Digest Auth
224.Hash Information Disclosure Via Collisions - The Hard Way
225.Socket Capable Browser Plugins Result In Transparent Proxy Abuse
226.XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+
227.Session Fixation Via DNS Rebinding
228.Quicky Firefox DoS
229.DNS Rebinding for Credential Brute Force
230.SMBEnum
231.DNS Rebinding for Scraping and Spamming
232.SMB Decloaking
233.De-cloaking in IE7.0 Via Windows Variables
234.itms Decloaking
235.Flash Origin Policy Issues
236.Cross-subdomain Cookie Attacks
237.HTTP Parameter Pollution (HPP)
238.How to use Google Analytics to DoS a client from some website.
239.Our Favorite XSS Filters and how to Attack them
240.Location based XSS attacks
241.PHPIDS bypass
242.I know what your friends did last summer
243.Detecting IE in 12 bytes
244.Detecting browsers javascript hacks
245.Inline UTF-7 E4X javascript hijacking
246.HTML5 XSS
247.Opera XSS vectors
248.New PHPIDS vector
249.Bypassing CSP for fun, no profit
250.Twitter misidentifying context
251.Ping pong obfuscation
252.HTML5 new XSS vectors
253.About CSS Attacks
254.Web pages Detecting Virtualized Browsers and other tricks
255.Results, Unicode Left/Right Pointing Double Angel Quotation Mark
256.Detecting Private Browsing Mode
257.Cross-domain search timing
258.Bonus Safari XXE (only affecting Safari 4 Beta)
259.Apple's Safari 4 also fixes cross-domain XML theft
260.Apple's Safari 4 fixes local file theft attack
261.A more plausible E4X attack
262.A brief description of how to become a CA
263.Creating a rogue CA certificate
264.Browser scheme/slash quirks
265.Cross-protocol XSS with non-standard service ports
266.Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”
267.MD5 extension attack
268.Attack - PDF Silent HTTP Form Repurposing Attacks
269.XSS Relocation Attacks through Word Hyperlinking
270.Hacking CSRF Tokens using CSS History Hack
271.Hijacking Opera’s Native Page using malicious RSS payloads
272.Millions of PDF invisibly embedded with your internal disk paths
273.Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
274.Pwning Opera Unite with Inferno’s Eleven
275.Using Blended Browser Threats involving Chrome to steal files on your computer
276.Bypassing OWASP ESAPI XSS Protection inside Javascript
277.Hijacking Safari 4 Top Sites with Phish Bombs
278.Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
279.Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
280.IE8 Link Spoofing - Broken Status Bar Integrity
281.Blind SQL Injection: Inference thourgh Underflow exception
282.Exploiting Unexploitable XSS
283.Clickjacking & OAuth
284.Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
285.Active Man in the Middle Attacks
286.Cross-Site Identification (XSid)
287.Microsoft IIS with Metasploit evil.asp;.jpg
288.MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
289.Generic cross-browser cross-domain theft
290.Popup & Focus URL Hijacking
291.Advanced SQL injection to operating system full control (whitepaper)
292.Expanding the control over the operating system from the database
293.HTML+TIME XSS attacks
294.Enumerating logins via Abuse of Functionality vulnerabilities
295.Hellfire for redirectors
296.DoS attacks via Abuse of Functionality vulnerabilities
297.URL Spoofing vulnerability in bots of search engines (#2)
298.URL Hiding - new method of URL Spoofing attacks
299.Exploiting Facebook Application XSS Holes to Make API Requests
300.Unauthorized TinyURL URL Enumeration Vulnerability