24.4.2017 Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue Web
24.4.2017 Converting unimplementable Cookie-based XSS to a persistent attack Web
24.4.2017 phpwn: Attack on PHP sessions and random numbers Web
24.4.2017 NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward) Web
24.4.2017 Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user Web
24.4.2017 Stealing entire Auto-Complete data in Google Chrome Web
24.4.2017 Chrome and Safari users open to stealth HTML5 AppCache attack Web
24.4.2017 DNS Rebinding on Java Applets Web
24.4.2017 ...because you can't get enough of clickjacking Web
24.4.2017 The curse of inverse strokejacking Web
24.4.2017 Re-visiting JAVA De-serialization: It can't get any simpler than this !! Web
24.4.2017 Fooling B64_Encode(Payload) on WAFs and filters Web
24.4.2017 MySQL Stacked Queries with SQL Injection...sort of Web
24.4.2017 A Twitter DomXss, a wrong fix and something more Web
24.4.2017 Get Internal Network Information with Java Applets Web
24.4.2017 Penetrating Intranets Through Adobe Flex Applications Web
24.4.2017 Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem  Java Applet Same IP Host Access Web
24.4.2017 Posting raw XML cross-domain Web
24.4.2017 Generic cross-browser cross-domain theft Web
24.4.2017 The Spanner Web
24.4.2017 dollars javascript code – yet another Javascript obfuscation method for cc frauds Web
23.4.2017 XSS in Skype for iOS Web
23.4.2017 Fuzzing browsers in 2014 Web
23.4.2017 SurveyMonkey: IP Spoofing Web
23.4.2017 Using Cross-domain images in WebGL and Chrome 13 Web
23.4.2017 Filejacking How to make a file server from your browser Web
23.4.2017 Exploitation of “Self-Only” Cross-Site Scripting in Google Code Web
23.4.2017 Text-based CAPTCHA Strengths and Weaknesses Web
23.4.2017 Cross domain content extraction with fake captcha Web
23.4.2017 Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java Web
23.4.2017 DNS poisoning via Port Exhaustion Web
23.4.2017 Java Applet Same-Origin Policy Bypass via HTTP Redirect Web
23.4.2017 CAPTCHA Hax With TesserCap Web
23.4.2017 How To Own Every User On A Social Networking Site Web
23.4.2017 Expression Language Injection Web
23.4.2017 Hacking Google Chrome Web
23.4.2017 Crowd-sourcing mischief on Google Maps leads customers astray Web
23.4.2017 Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) Web
23.4.2017 CVE-2011-3230 - Launch any file path from web page Web
23.4.2017 Bypassing Chrome’s Anti-XSS filter Web
23.4.2017 JSON-based XSS exploitation Web
23.4.2017 BEAST Web
23.4.2017 Abusing Internet Explorer 8's XSS Filter Web
23.4.2017 evercookie Web
23.4.2017 Breaking Browsers: Hacking Auto-Complete Web
23.4.2017 JAVASNOOP Web
23.4.2017 Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem Web
23.4.2017 Practical Padding Oracle Attack Web
11.4.2017 Abusing HTTP Status Codes to Expose Private Information Web
11.4.2017 SpyTunes Web
11.4.2017 CSRF: Flash + 307 redirect = Game Over Web
11.4.2017 Tracking users that block cookies with a HTTP redirect Web
11.4.2017 The Failure of Noise-Based Non-Continuous Audio Captchas Web
11.4.2017 Kindle Touch (5.0) Jailbreak/Root and SSH Web
11.4.2017 NULLs in entities in Firefox Web
11.4.2017 Timing Attacks on CSS Shaders Web
11.4.2017 CSRF with JSON – leveraging XHR and CORS Web
11.4.2017 Double eval() for DOM based XSS Web
11.4.2017 New security vulnerability: Lotus Notes Formula Injection Web
11.4.2017 Stripping Referrer for fun and profit Web
11.4.2017 How to upload arbitrary file contents cross-domain Web
11.4.2017 Exploiting the unexploitable XSS with clickjacking Web
11.4.2017 How to get SQL query contents from SQL injection flaw Web
11.4.2017 XSS-Track as a HTML5 WebSockets traffic sniffer Web
22.2.2017 Binary planting Web
22.2.2017 Blind SQL Injection Web
22.2.2017 Blind XPath Injection Web
22.2.2017 Brute force attack Web
22.2.2017 Buffer overflow attack Web
20.2.2017 SMTP over XXE Web
20.2.2017 A portscan by email − HTTP over X.509 revisited Web
20.2.2017 Geohashing with GPX files and QLandkarte GT Web
20.2.2017 Shell injection without whitespace Web
20.2.2017 Evading AVs using the XML Data Package (XDP) format Web
20.2.2017 Language-dependant spellchecking within sup Web