Top Ten Web Hacking Techniques of 2008 – Jeremiah Grossman

Post #3459 by Jhaddix (Participant)

      The survey, judged by Rich Mogull, Chris Hoff, H D Moore, and Jeff Forristal, is an awesome listing of web attacks.

      Go to JG’s blog for clickable links for each exploit.

      Top Ten Web Hacking Techniques of 2008 (Official)
      We searched far and wide collecting as many Web Hacking Techniques published in 2008 as possible — ~70 in all. These new and innovative techniques were analyzed and ranked based upon their novelty, impact, and pervasiveness. The 2008 competition was exceptionally fierce and our panel of judges (Rich Mogull, Chris Hoff, H D Moore, and Jeff Forristal) had their work cut out for them. For any researcher, or “breaker” if you prefer, simply the act of creating something unique enough to appear on the list is no small feat. That much should be considered an achievement. In the end, ten Web hacking techniques rose head and shoulders above.

      Supreme honors go to Billy Rios, Nathan McFeters, Rob Carter, and John Heasman for GIFAR! The judges were convinced their work stood out amongst the field. Beyond industry recognition, they also will receive the free pass to Black Hat USA 2009 (generously sponsored by Black Hat)! Now they have to fight over it. 😉

      Congratulations to all!

      Coming up at SnowFROC AppSec 2009 and RSA Conference 2009 it will be my great privilege to highlight the results. Each of the top ten techniques will be described in technical detail for how they work, what they can do, who they affect, and how best to defend against them. The opportunity provides a chance to get a closer look at the new attacks that could be used against us in the future — some of which already have.

      Top Ten Web Hacking Techniques of 2008!

      1. GIFAR
      (Billy Rios, Nathan McFeters, Rob Carter, and John Heasman)

      2. Breaking Google Gears’ Cross-Origin Communication Model
      (Yair Amit)

      3. Safari Carpet Bomb
      (Nitesh Dhanjani)

      4. Clickjacking / Videojacking
      (Jeremiah Grossman and Robert Hansen)

      5. A Different Opera
      (Stefano Di Paola)

      6. Abusing HTML 5 Structured Client-side Storage
      (Alberto Trivero)

      7. Cross-domain leaks of site logins via Authenticated CSS
      (Chris Evans and Michal Zalewski)

      8. Tunneling TCP over HTTP over SQL Injection
      (Glenn Wilkinson, Marco Slaviero and Haroon Meer)

      9. ActiveX Repurposing
      (Haroon Meer)

      10. Flash Parameter Injection
      (Yuval Baror, Ayal Yogev, and Adi Sharabani)

      The List

        1. CUPS Detection
        2. CSRFing the uTorrent plugin
        3. Clickjacking / Videojacking
        4. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
        5. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
        6. Safari Carpet Bomb
        7. Flash clipboard Hijack
        8. Flash Internet Explorer security model bug
        9. Frame Injection Fun
        10. Free MacWorld Platinum Pass? Yes in 2008!
        11. Diminutive Worm, 161 byte Web Worm
        12. SNMP XSS Attack (1)
        13. Res Timing File Enumeration Without JavaScript in IE7.0
        14. Stealing Basic Auth with Persistent XSS
        15. Smuggling SMTP through open HTTP proxies
        16. Collecting Lots of Free ‘Micro-Deposits’
        17. Using your browser URL history to estimate gender
        18. Cross-site File Upload Attacks
        19. Same Origin Bypassing Using Image Dimensions
        20. HTTP Proxies Bypass Firewalls
        21. Join a Religion Via CSRF
        22. Cross-domain leaks of site logins via Authenticated CSS
        23. JavaScript Global Namespace Pollution
        24. GIFAR
        25. HTML/CSS Injections – Primitive Malicious Code
        26. Hacking Intranets Through Web Interfaces
        27. Cookie Path Traversal
        28. Racing to downgrade users to cookie-less authentication
        29. MySQL and SQL Column Truncation Vulnerabilities
        30. Building Subversive File Sharing With Client Side Applications
        31. Firefox XML injection into parse of remote XML
        32. Firefox cross-domain information theft (simple text strings, some CSV)
        33. Firefox 2 and WebKit nightly cross-domain image theft
        34. Browser’s Ghost Busters
        35. Exploiting XSS vulnerabilities on cookies
        36. Breaking Google Gears’ Cross-Origin Communication Model
        37. Flash Parameter Injection
        38. Cross Environment Hopping
        39. Exploiting Logged Out XSS Vulnerabilities
        40. Exploiting CSRF Protected XSS
        41. ActiveX Repurposing, (1, 2)
        42. Tunneling tcp over http over sql-injection
        43. Arbitrary TCP over uploaded pages
        44. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
        45. JavaScript Code Flow Manipulation
        46. Common localhost dns misconfiguration can lead to “same site” scripting
        47. Pulling system32 out over blind SQL Injection
        48. Dialog Spoofing – Firefox Basic Authentication
        49. Skype cross-zone scripting vulnerability
        50. Safari pwns Internet Explorer
        51. IE “Print Table of Links” Cross-Zone Scripting Vulnerability
        52. A different Opera
        53. Abusing HTML 5 Structured Client-side Storage
        54. SSID Script Injection
        55. DHCP Script Injection
        56. File Download Injection
        57. Navigation Hijacking (Frame/Tab Injection Attacks)
        58. UPnP Hacking via Flash
        59. Total surveillance made easy with VoIP phone
        60. Social Networks Evil Twin Attacks
        61. Recursive File Include DoS
        62. Multi-pass filters bypass
        63. Session Extending
        64. Code Execution via XSS (1)
        65. Redirector’s hell
        66. Persistent SQL Injection
        67. JSON Hijacking with UTF-7
        68. SQL Smuggling
        69. Abusing PHP Sockets (1, 2)
        70. CSRF on Novell GroupWise WebAccess


Copyright ©2021 Caendra, Inc.
