Unusual Web Bugs

A Web App Hacker’s Bag O’ Tricks Unusual Web Bugs Alex “kuza55” K. [email_address] http://kuza55.blogspot.com/

I'm ,[object Object],[object Object],[object Object]

This talk is ,[object Object],[object Object],[object Object],[object Object],[object Object]

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Exploiting Logged Out XSS Vulnerabilities ,[object Object],[object Object],[object Object],[object Object]

Browser Password Manager Abuse ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Session Fixation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Persisting XSS ,[object Object],[object Object]

$_REQUEST Variable Fixation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

DOM Based XSS via Persistent Data Stores ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Exploiting Logged Out XSS Vulnerabilities ,[object Object],[object Object],[object Object]

Reading the Browser Cache Via XSS ,[object Object],[object Object],[object Object],[object Object]

Semi-Logging the user out ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

CSRF Protected XSS ,[object Object],[object Object],[object Object],[object Object]

General Case ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Persistent Self-Only CSRF Protected XSS ,[object Object],[object Object],[object Object],[object Object]

CAPTCHA Protected XSS ,[object Object],[object Object],[object Object],[object Object],[object Object]

XSS via HTTP Headers ,[object Object],[object Object],[object Object]

General Case ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

CGI 1.1 Abuse ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

File Uploads ,[object Object],[object Object],[object Object],[object Object]

Dangerous File Extensions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

mod_mime Issues ,[object Object],[object Object],[object Object],[object Object]

Assorted Injections ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

FindMimeFromData (IE)‏ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

FindMimeFromData (IE)‏ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

FindMimeFromData (IE)‏ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Range/Request-Range Issues ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Range/Request-Range Issues ,[object Object],[object Object],[object Object],[object Object]

Range/Request-Range Issues ,[object Object],[object Object],[object Object]

Implicit Typeasting in PHP ,[object Object],[object Object],[object Object],[object Object],[object Object]

Timeout Attack against PHP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Encoding Fun ,[object Object],[object Object],[object Object],[object Object]

[My]SQL Injection Encoding Attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

[My]SQL Injection Encoding Attacks Method 1 ,[object Object],[object Object],[object Object]

[My]SQL Injection Encoding Attacks Method 2 ,[object Object],[object Object],[object Object]

[My]SQL Injection Encoding Attacks Fuzzer Results ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

[My]SQL Injection Encoding Attacks Who actually does this? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Variable Width Character Encoding ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

HTML Entity Encoding ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

HTML Entity Encoding ,[object Object],[object Object],[object Object],[object Object],[object Object]

Admin Only SQL Injection ,[object Object],[object Object],[object Object],[object Object]

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Admin Only SQL Injection + CSRF

A real ‘one-click’ attack ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Understanding the Cookie Policy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS via non-web servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Untraceable XSS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Unusual Web Bugs

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (19)

Destaque

Destaque (6)

Semelhante a Unusual Web Bugs

Semelhante a Unusual Web Bugs (20)

Mais de amiable_indian

Mais de amiable_indian (20)

Último

Último (20)

Unusual Web Bugs