Hacking News


24.4.2017 | Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue | Web
24.4.2017 | Converting unimplementable Cookie-based XSS to a persistent attack | Web
24.4.2017 | phpwn: Attack on PHP sessions and random numbers | Web
24.4.2017 | NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward) | Web
24.4.2017 | Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user | Web
24.4.2017 | Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution | Web
24.4.2017 | Stealing entire Auto-Complete data in Google Chrome | Web
24.4.2017 | Chrome and Safari users open to stealth HTML5 AppCache attack | Web
24.4.2017 | DNS Rebinding on Java Applets | Web
24.4.2017 | ...because you can't get enough of clickjacking | Web
24.4.2017 | The curse of inverse strokejacking | Web
24.4.2017 | Re-visiting JAVA De-serialization: It can't get any simpler than this !! | Web
24.4.2017 | Fooling B64_Encode(Payload) on WAFs and filters | Web
24.4.2017 | MySQL Stacked Queries with SQL Injection...sort of | Web
24.4.2017 | A Twitter DomXss, a wrong fix and something more | Web
24.4.2017 | Get Internal Network Information with Java Applets | Web
24.4.2017 | Penetrating Intranets Through Adobe Flex Applications | Web
24.4.2017 | Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem  Java Applet Same IP Host Access | Web
24.4.2017 | Posting raw XML cross-domain | Web
24.4.2017 | Generic cross-browser cross-domain theft | Web
24.4.2017 | The Spanner | Web
24.4.2017 | dollars javascript code – yet another Javascript obfuscation method for cc frauds | Web
23.4.2017 | XSS in Skype for iOS | Web
23.4.2017 | Fuzzing browsers in 2014 | Web
23.4.2017 | SurveyMonkey: IP Spoofing | Web
23.4.2017 | Using Cross-domain images in WebGL and Chrome 13 | Web
23.4.2017 | Filejacking How to make a file server from your browser | Web
23.4.2017 | Exploitation of “Self-Only” Cross-Site Scripting in Google Code | Web
23.4.2017 | Text-based CAPTCHA Strengths and Weaknesses | Web
23.4.2017 | Cross domain content extraction with fake captcha | Web
23.4.2017 | Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java | Web
23.4.2017 | DNS poisoning via Port Exhaustion | Web
23.4.2017 | Java Applet Same-Origin Policy Bypass via HTTP Redirect | Web
23.4.2017 | CAPTCHA Hax With TesserCap | Web
23.4.2017 | How To Own Every User On A Social Networking Site | Web
23.4.2017 | Expression Language Injection | Web
23.4.2017 | Hacking Google Chrome | Web
23.4.2017 | Crowd-sourcing mischief on Google Maps leads customers astray | Web
23.4.2017 | Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) | Web
23.4.2017 | CVE-2011-3230 - Launch any file path from web page | Web
23.4.2017 | Bypassing Chrome’s Anti-XSS filter | Web
23.4.2017 | JSON-based XSS exploitation | Web
23.4.2017 | BEAST | Web
23.4.2017 | Abusing Internet Explorer 8's XSS Filter | Web
23.4.2017 | Breaking Browsers: Hacking Auto-Complete | Web
23.4.2017 | Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution | Web
23.4.2017 | Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem | Web
23.4.2017 | DNS Rebinding on Java Applets | Web
23.4.2017 | Practical Padding Oracle Attack | Web
11.4.2017 | Abusing HTTP Status Codes to Expose Private Information | Web
11.4.2017 | CSRF: Flash + 307 redirect = Game Over | Web
11.4.2017 | Tracking users that block cookies with a HTTP redirect | Web
11.4.2017 | The Failure of Noise-Based Non-Continuous Audio Captchas | Web
11.4.2017 | Kindle Touch (5.0) Jailbreak/Root and SSH | Web
11.4.2017 | NULLs in entities in Firefox | Web
11.4.2017 | Timing Attacks on CSS Shaders | Web
11.4.2017 | CSRF with JSON – leveraging XHR and CORS | Web
11.4.2017 | Double eval() for DOM based XSS | Web
11.4.2017 | New security vulnerability: Lotus Notes Formula Injection | Web
11.4.2017 | Stripping Referrer for fun and profit | Web
11.4.2017 | How to upload arbitrary file contents cross-domain | Web
11.4.2017 | Exploiting the unexploitable XSS with clickjacking | Web
11.4.2017 | How to get SQL query contents from SQL injection flaw | Web
11.4.2017 | XSS-Track as a HTML5 WebSockets traffic sniffer | Web
22.2.2017 | Binary planting | Web
22.2.2017 | Blind SQL Injection | Web
22.2.2017 | Blind XPath Injection | Web
22.2.2017 | Brute force attack | Web
22.2.2017 | Buffer overflow attack | Web
20.2.2017 | SMTP over XXE | Web
20.2.2017 | A portscan by email − HTTP over X.509 revisited | Web
20.2.2017 | Geohashing with GPX files and QLandkarte GT | Web
20.2.2017 | Shell injection without whitespace | Web
20.2.2017 | Evading AVs using the XML Data Package (XDP) format | Web
20.2.2017 | Language-dependant spellchecking within sup | Web