Nytro Posted May 7, 2011 Report Share Posted May 7, 2011 Attacking with HTML5By, Lavakumar KuppanAttack and Defense Labs - Offensive & Defensive Security ResearchOctober 18, 2010Introduction:HTML5 is redefining the ground rules for future Web Applications by providing a rich set of new features and by extending existing features and APIs. HTML5 Security is still an unexplored region because HTML5 features are not yet adopted by web applications (apart from experimental support) and it is assumed that until that happens the end users have nothing to worry about.This paper would prove this assumption wrong by discussing a range of attacks that can be carried out on web users ‘right now’ even on websites that do not support or intend to support HTML5 in the near future. Browser vendors have been trying to outdo each other in supporting the latest features defined in the HTML5 spec. This has exposed the users of these browsers to the attacks that would be discussed in this paper.The initial sections of this paper cover attacks and research that have been published by me and other researchers earlier this year. The latter sections covers attacks that are completely new and exclusive.The list of attacks covered:1)Cross?site Scripting via HTML52)Reverse Web Shells with COR3)Clickjacking via HTML5a.Text?field Injectionb.IFRAME Sandboxing4)HTML5 Cache Poisoning5)Client?side RFI6)Cross?site Posting7)Network Reconnaissancea.Port Scanningb.Network Scanningc.Guessing user’s Private IP8)HTML5 Botnetsa.Botnet creationi.Reaching out to victimsii.Extending execution life?timeb.Botnets based attacksi.DDoS attacksii.Email spamiii.Distributed Password CrackingDownload:http://www.exploit-db.com/download_pdf/17258 Quote Link to comment Share on other sites More sharing options...
qbert Posted May 7, 2011 Report Share Posted May 7, 2011 check out: d0z.me Quote Link to comment Share on other sites More sharing options...
