/hvaonline/posts/list/13.html JForum - http://www.jforum.net 1. BEAST (by: Thai Duong and Juliano Rizzo) 2. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java (by: Johannes Dahse) 3. DNS poisoning via Port Exhaustion (by: Roee Hay and Yair Amit) 4. DOMinator – Finding DOMXSS with dynamic taint propagation (by: Stefano Di Paola) 5. Abusing Flash-Proxies for client-side cross-domain HTTP requests (by: Martin Johns and Sebastian Lekies) 6. Expression Language Injection (by: Stefano Di Paola and Arshan Dabirsiaghi) 7. Java Applet Same-Origin Policy Bypass via HTTP Redirect (by: Neal Poole) 8. CAPTCHA Hax With TesserCap (by: Gursev Kalra) 9. Bypassing Chrome’s Anti-XSS filter (by: Nick Nikiforakis) 10. CSRF: Flash + 307 wwwect = Game Over (by: Phillip Purviance)   xem đường dẫn đến các tấn công ở đây: https://blog.whitehatsec.com/vote-now-top-ten-web-hacking-techniques-of-2011/. bây giờ chúng ta hãy thảo luận về từng tấn công. -m ]]> /hvaonline/posts/list/41401.html#256382 /hvaonline/posts/list/41401.html#256382 GMT