Comments on Jeremiah Grossman: Top Ten Web Hacking Techniques of 2011
(comment feed, newest first; feed last updated 2024-02-08)

Anonymous (2012-04-01 06:58 -07:00):
Are we doing the top 10 web hacking techniques for 2012 as well?

Jeremiah Grossman (2012-02-15 10:19 -08:00):
@Erlend: Thank you. I added it as #51 here: https://blog.whitehatsec.com/vote-now-top-ten-web-hacking-techniques-of-2011/

Erlend Oftedal (2012-02-14 23:59 -08:00):
HashDOS is missing

Jeremiah Grossman (2012-02-13 10:56 -08:00):
@Anonymous: yes we will, I'm just way behind.

Looney (2012-02-11 20:29 -08:00):
Got a question for you. Please email me: ibeatz@gmx.com

Anonymous (2012-02-07 08:22 -08:00):
Do we have votes this time around also?

Soroush, http://secproject.com (2012-01-20 01:31 -08:00):
@Jeremiah: could you please check this again:
http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/
OR
http://soroush.secproject.com/downloadable/Unrestricted_File_Download_V1.0.pdf
It was sent to you previously, but it is not on this list.

Gursev Singh Kalra (2012-01-06 04:37 -08:00):
Three semicolon vulnerabilities for XSS exploitation
https://superevr.com/blog/2011/three-semicolon-vulnerabilities/

Anonymous (2012-01-04 18:50 -08:00):
Thank you, Jeremiah.

Jeremiah Grossman (2012-01-04 10:52 -08:00):
@anonymous: normally I don't list "tools", but in your case I made an exception for its uniqueness. Never seen anything like that before and think it could prove useful to many people.

Anonymous (2012-01-03 18:15 -08:00):
Hey Jeremiah,
Did you get a chance to look at my work on TesserCap?

Jeremiah Grossman (2012-01-03 11:14 -08:00):
@Matt: #45
@utiputi4ka: #46
@Soroush: #47
Thank you for your research, gentlemen, and good luck!

Matt Johansen (2012-01-02 19:49 -08:00):
Chrome/ChromeOS sandbox side step via owning extensions and taking advantage of their permissions
https://media.blackhat.com/bh-us-11/Johansen/BH_US_11_JohnasenOsborn_Hacking_Google_WP.pdf

Soroush, http://secproject.com/ (2011-12-30 19:40 -08:00):
Please check this out as well:
http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/

utiputi4ka (2011-12-23 00:51 -08:00):
Excel formula injection :)
http://dsecrg.blogspot.com/2011/12/excel-formula-injection-in-google-docs.html

Gursev Singh Kalra (2011-12-22 21:50 -08:00):
JSON CSRF with Parameter Padding: http://gursevkalra.blogspot.com/2011/12/json-csrf-with-parameter-padding.html

Wireghoul, http://www.justanotherhacker.com (2011-12-21 16:25 -08:00):
Plugging myself here:
http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html

Aditya K Sood (2011-12-20 08:38 -08:00):
The very first details of Skype IM (Mac OS X) - Is this the 0day? - http://secniche.blogspot.com/2011/05/skype-im-mac-os-x-is-this-0day.html

Gursev Singh Kalra (2011-12-20 04:25 -08:00):
Hi Jeremiah,
I am suggesting two entries from my work.
1. Evading Content Security Policy With CRLF Injection -- http://gursevkalra.blogspot.com/2011/11/evading-content-security-policy-with.html
2. CAPTCHA Hax With TesserCap -- http://gursevkalra.blogspot.com/2011/11/captcha-hax-with-tessercap.html

Aditya K Sood (2011-10-28 15:43 -07:00):
Extending SQL Injection Attacks Using Buffer Overflows - http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf

Elie (2011-07-22 11:43 -07:00):
New technique: Abusing every web site registration by breaking their audio captchas. http://bit.ly/q89brX

Elie (2011-07-22 11:42 -07:00):
New technique:
Tracking users that block cookies with an HTTP redirect: http://bit.ly/na7YwZ

Elie (2011-07-22 11:40 -07:00):
Tracking users that block cookies with an HTTP redirect http://bit.ly/na7YwZ

Jeremiah Grossman (2011-06-08 17:53 -07:00):
http://www.zurich.ibm.com/~cca/csc2011/talks/pinkas-invited-csc2011.pdf
Referrer XSS in IE: http://blog.mindedsecurity.com/2011/03/abusing-referrer-on-explorer-for.html
Cookiejacking: https://sites.google.com/site/tentacoloviola/cookiejacking