'0x04 reference'에 해당되는 글 3건

  1. 2009.03.09 php fuzzing_auditing version 1
  2. 2009.02.28 TOP WEB 2.0 SECURITY THREATS
  3. 2009.02.26 Top Ten Web Hacking Techniques of 2008
0x04 reference2009. 3. 9. 15:27

php fuzzing_auditing version


php-fuzzing-auditing-version-10.pdf

아직 않읽었음.

// 4층 공사+청소, final
Posted by 김주일
0x04 reference2009. 2. 28. 18:11

TOP WEB 2.0 SECURITY THREATS

출 처 : http://www.secure-enterprise20.org/files/Top%20Web%202%200%20Security%20Threats.pdf

Top Web 2 0 Security Threats.pdf


메일링 읽다가 링크에 링크를 거쳐 읽게된 문서.
개방, 상호간의 대화를 지향하는 웹2.0 에서도 현재 알려진 취약점들이 공통으로 적용된다는 것을 말하고 있다.
상세한 설명보다는 취약점에 대한 가이드라인정도를 이야기 하고 있다.

식상할 수도 있지만(이런 거만한 인간같으니,, 글작성하는 사람을 생각하자..) 가볍게 한번쯤  꼭 읽어 두자.

// 계획, 산책, 삼선볶은밥, 라면, 차문뜯기, 엔초비에 사고침(훈형)
Posted by 김주일
0x04 reference2009. 2. 26. 10:02

Top Ten Web Hacking Techniques of 2008


출처 : http://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html


1. GIFAR
(Billy Rios, Nathan McFeters, Rob Carter, and John Heasman)

2. Breaking Google Gears' Cross-Origin Communication Model
(Yair Amit)

3. Safari Carpet Bomb
(Nitesh Dhanjani)

4. Clickjacking / Videojacking
(Jeremiah Grossman and Robert Hansen)

5. A Different Opera
(Stefano Di Paola)

6. Abusing HTML 5 Structured Client-side Storage
(Alberto Trivero)

7. Cross-domain leaks of site logins via Authenticated CSS
(Chris Evans and Michal Zalewski)

8. Tunneling TCP over HTTP over SQL Injection
(Glenn Wilkinson, Marco Slaviero and Haroon Meer)

9. ActiveX Repurposing
(Haroon Meer)

10. Flash Parameter Injection
(Yuval Baror, Ayal Yogev, and Adi Sharabani)




참고자료
  1. CUPS Detection
  2. CSRFing the uTorrent plugin
  3. Clickjacking / Videojacking
  4. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  5. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
  6. Safari Carpet Bomb
  7. Flash clipboard Hijack
  8. Flash Internet Explorer security model bug
  9. Frame Injection Fun
  10. Free MacWorld Platinum Pass? Yes in 2008!
  11. Diminutive Worm, 161 byte Web Worm
  12. SNMP XSS Attack (1)
  13. Res Timing File Enumeration Without JavaScript in IE7.0
  14. Stealing Basic Auth with Persistent XSS
  15. Smuggling SMTP through open HTTP proxies
  16. Collecting Lots of Free 'Micro-Deposits'
  17. Using your browser URL history to estimate gender
  18. Cross-site File Upload Attacks
  19. Same Origin Bypassing Using Image Dimensions
  20. HTTP Proxies Bypass Firewalls
  21. Join a Religion Via CSRF
  22. Cross-domain leaks of site logins via Authenticated CSS
  23. JavaScript Global Namespace Pollution
  24. GIFAR
  25. HTML/CSS Injections - Primitive Malicious Code
  26. Hacking Intranets Through Web Interfaces
  27. Cookie Path Traversal
  28. Racing to downgrade users to cookie-less authentication
  29. MySQL and SQL Column Truncation Vulnerabilities
  30. Building Subversive File Sharing With Client Side Applications
  31. Firefox XML injection into parse of remote XML
  32. Firefox cross-domain information theft (simple text strings, some CSV)
  33. Firefox 2 and WebKit nightly cross-domain image theft
  34. Browser's Ghost Busters
  35. Exploiting XSS vulnerabilities on cookies
  36. Breaking Google Gears' Cross-Origin Communication Model
  37. Flash Parameter Injection
  38. Cross Environment Hopping
  39. Exploiting Logged Out XSS Vulnerabilities
  40. Exploiting CSRF Protected XSS
  41. ActiveX Repurposing, (1, 2)
  42. Tunneling tcp over http over sql-injection
  43. Arbitrary TCP over uploaded pages
  44. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
  45. JavaScript Code Flow Manipulation
  46. Common localhost dns misconfiguration can lead to "same site" scripting
  47. Pulling system32 out over blind SQL Injection
  48. Dialog Spoofing - Firefox Basic Authentication
  49. Skype cross-zone scripting vulnerability
  50. Safari pwns Internet Explorer
  51. IE "Print Table of Links" Cross-Zone Scripting Vulnerability
  52. A different Opera
  53. Abusing HTML 5 Structured Client-side Storage
  54. SSID Script Injection
  55. DHCP Script Injection
  56. File Download Injection
  57. Navigation Hijacking (Frame/Tab Injection Attacks)
  58. UPnP Hacking via Flash
  59. Total surveillance made easy with VoIP phone
  60. Social Networks Evil Twin Attacks
  61. Recursive File Include DoS
  62. Multi-pass filters bypass
  63. Session Extending
  64. Code Execution via XSS (1)
  65. Redirector’s hell
  66. Persistent SQL Injection
  67. JSON Hijacking with UTF-7
  68. SQL Smuggling
  69. Abusing PHP Sockets (1, 2)
  70. CSRF on Novell GroupWise WebAccess
저작자표시 비영리 변경금지
Posted by demantos

티스토리툴바