CQ-CSER » Hack http://cq-cser.cn 计算机爱好者 Sun, 15 Jan 2012 08:17:54 +0000 en hourly 1 http://wordpress.org/?v=3.0 Top Ten Web Hacking Techniques of 2009! http://cq-cser.cn/2010/01/top-ten-web-hacking-techniques-of-2009/ http://cq-cser.cn/2010/01/top-ten-web-hacking-techniques-of-2009/#comments Fri, 15 Jan 2010 03:24:04 +0000 cq http://cq-cser.cn/?p=651
  • CRLF Injection
  • 四年300个攻击技术总结
  • A new approach to China[zz]
    • ]]>     Jeremiah Grossman 一直有做这种收集的和评选工作,还是比较具有代表意义的。放眼望去,确实还都是些好文章。

    原文:

    http://feedproxy.google.com/~r/JeremiahGrossman/~3/2LGGL8bgrJI/top-ten-web-hacking-techniques-of-2009.html

    Top Ten Web Hacking Techniques of 2009!

    1. Creating a rogue CA certificate
    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

    2. HTTP Parameter Pollution (HPP)
    Luca Carettoni, Stefano diPaola

    3. Flickr’s API Signature Forgery Vulnerability (MD5 extension attack)
    Thai Duong and Juliano Rizzo

    4. Cross-domain search timing
    Chris Evans

    5. Slowloris HTTP DoS
    Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic – “Programming Model Attacks” section of Apache Security for describing the attack, but did not produce a tool)

    6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug)
    Soroush Dalili

    7. Exploiting unexploitable XSS
    Stephen Sclafani

    8. Our Favorite XSS Filters and how to Attack them
    Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

    9. RFC1918 Caching Security Issues
    Robert Hansen

    10. DNS Rebinding (3-part series Persistent Cookies, Scraping & Spamming, and Session Fixation)
    Robert Hansen

    Related posts:

    1. CRLF Injection
    2. 四年300个攻击技术总结
    3. A new approach to China[zz]

    ]]>     http://cq-cser.cn/2010/01/top-ten-web-hacking-techniques-of-2009/feed/ 0