List of Web Hacking Techniques iPhone SSL Warning and Safari Phishing RFC 1918 Blues Slowloris HTTP DoS CSRF And Ignoring Basic/Digest Auth Hash Information Disclosure Via Collisions - The Hard Way Socket Capable Browser Plugins Result In Transparent Proxy Abuse XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+ Session Fixation Via DNS Rebinding Quicky Firefox DoS DNS Rebinding for Credential Brute Force SMBEnum DNS Rebinding for Scraping and Spamming SMB Decloaking De-cloaking in IE7.0 Via Windows Variables itms Decloaking Flash Origin Policy Issues Cross-subdomain Cookie Attacks HTTP Parameter Pollution (HPP) How to use Google Analytics to DoS a client from some website. Our Favorite XSS Filters and how to Attack them Location based XSS attacks PHPIDS bypass I know what your friends did last summer Detecting IE in 12 bytes Detecting browsers javascript hacks Inline UTF-7 E4X javascript hijacking HTML5 XSS Opera XSS vectors New PHPIDS vector Bypassing CSP for fun, no profit Twitter misidentifying context Ping pong obfuscation HTML5 new XSS vectors About CSS Attacks Web pages Detecting Virtualized Browsers and other tricks Results, Unicode Left/Right Pointing Double Angel Quotation Mark Detecting Private Browsing Mode Cross-domain search timing Bonus Safari XXE (only affecting Safari 4 Beta) Apple's Safari 4 also fixes cross-domain XML theft Apple's Safari 4 fixes local file theft attack A more plausible E4X attack A brief description of how to become a CA Creating a rogue CA certificate Browser scheme/slash quirks Cross-protocol XSS with non-standard service ports Forget sidejacking, clickjacking, and carjacking: enter “Formjacking” MD5 extension attack Attack - PDF Silent HTTP Form Repurposing Attacks XSS Relocation Attacks through Word Hyperlinking Hacking CSRF Tokens using CSS History Hack Hijacking Opera’s Native Page using malicious RSS payloads Millions of PDF invisibly embedded with your internal disk paths Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection Pwning Opera Unite with Inferno’s Eleven Using Blended Browser Threats involving Chrome to steal files on your computer Bypassing OWASP ESAPI XSS Protection inside Javascript Hijacking Safari 4 Top Sites with Phish Bombs Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF IE8 Link Spoofing - Broken Status Bar Integrity Blind SQL Injection: Inference thourgh Underflow exception Exploiting Unexploitable XSS Clickjacking & OAuth Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk Active Man in the Middle Attacks Cross-Site Identification (XSid) Microsoft IIS with Metasploit evil.asp;.jpg MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency Generic cross-browser cross-domain theft Popup & Focus URL Hijacking Advanced SQL injection to operating system full control (whitepaper) Expanding the control over the operating system from the database HTML+TIME XSS attacks Enumerating logins via Abuse of Functionality vulnerabilities Hellfire for redirectors DoS attacks via Abuse of Functionality vulnerabilities URL Spoofing vulnerability in bots of search engines (#2) URL Hiding - new method of URL Spoofing attacks Exploiting Facebook Application XSS Holes to Make API Requests Unauthorized TinyURL URL Enumeration Vulnerability