applicationlayer

하나씩 공부하자
출처;헐랭이,
       http://jeremiahgrossman.blogspot.com/2010/11/calling-all-security-researchers-submit.html
ASP.NET 'Padding Oracle' Crypto Attack
Attacking HTTPS with Cache Injection
Breaking into a WPA network with a webpage
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
Chrome and Safari users open to stealth HTML5 AppCache attack
Chronofeit Phishing
Converting unimplementable Cookie-based XSS to a persistent attack
Cookie Eviction
Cracking hashes in the JavaScript cloud with Ravan
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
DNS Rebinding on Java Applets
Evercookie
Expanding the Attack Surface
Flash Camera and Mic Remember Function and XSS
Fooling B64_Encode(Payload) on WAFs and filters
Generic cross-browser cross-domain theft
Get Internal Network Information with Java Applets
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
How to Conceal XSS Injection in HTML5
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
IIS6/ASP & file upload for fun and profit
Improving HTTPS Side Channel Attacks
Internal Port Scanning via Crystal Reports
Java Applet Same IP Host Access
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem
JavaSnoop
Lost in Translation (ASP’s HomoXSSuality)
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
MitM DNS Rebinding SSL/TLS Wildcards and XSS
MySQL Stacked Queries with SQL Injection...sort of
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
Next Generation Clickjacking
No Alnum JavaScript (cheat sheet, jjencode demo)
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
Non-Obvious (Crypto) Bugs by Example
One vector to rule them all
Penetrating Intranets through Adobe Flex Applications
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
Persistent Cross Interface Attacks
Poisoning proxy caches using Java/Flash/Web Sockets
Popup & Focus URL Hijacking
Port Scanning with HTML5 and JS-Recon
Posting raw XML cross-domain
Quick Proxy Detection
Re-visiting JAVA De-serialization: It can't get any simpler than this !!
SQLi filter evasion cheat sheet (MySQL)
Side Channel Attacks in SSL
Stealing entire Auto-Complete data in Google Chrome
Stored XSS Vulnerability @ Amazon
Stroke triggered XSS and StrokeJacking
Strokejacking
Tapjacking: owning smartphone browsers
The curse of inverse strokejacking
Turning XSS into Clickjacking
Universal XSS in IE8
Using Cookies For Selective DoS and State Detection
Will it Blend?
XSHM Mark 2
XSS-Track: How to quietly track a whole website through single XSS
XSSing client-side dynamic HTML includes by hiding HTML inside images and more
padding oracle web attack (poet, Padbuster, demo)
phpwn: Attack on PHP sessions and random numbers
출처:최근의 웹 해킹 기술