Top Web Hacking Techniques of 2008
A very good and comprehensive list for your reading pleasure:
http://jeremiahgrossman.blogspot.com/2009/01/calling-all-researchers-send-in-top-web.html
The list includes the following hacks:
1. Cross-Site Printing
2. CUPS Detection
3. CSRFing the uTorrent plugin
4. Clickjacking / Videojacking
5. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
6. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
7. Safari Carpet Bomb
8. Flash clipboard Hijack
9. Flash Internet Explorer security model bug
10. Frame Injection Fun
11. Free MacWorld Platinum Pass? Yes in 2008!
12. Diminutive Worm, 161 byte Web Worm
13. SNMP XSS Attack (1)
14. Res Timing File Enumeration Without JavaScript in IE7.0
15. Stealing Basic Auth with Persistent XSS
16. Smuggling SMTP through open HTTP proxies
17. Collecting Lots of Free 'Micro-Deposits'
18. Using your browser URL history to estimate gender
19. Cross-site File Upload Attacks
20. Same Origin Bypassing Using Image Dimensions
21. HTTP Proxies Bypass Firewalls
22. Join a Religion Via CSRF
23. Cross-domain leaks of site logins via Authenticated CSS
24. JavaScript Global Namespace Pollution
25. GIFAR
26. HTML/CSS Injections - Primitive Malicious Code
27. Hacking Intranets Through Web Interfaces
28. Cookie Path Traversal
29. Racing to downgrade users to cookie-less authentication
30. MySQL and SQL Column Truncation Vulnerabilities
31. Building Subversive File Sharing With Client Side Applications
32. Firefox XML injection into parse of remote XML
33. Firefox cross-domain information theft (simple text strings, some CSV)
34. Firefox 2 and WebKit nightly cross-domain image theft
35. Browser's Ghost Busters
36. Exploiting XSS vulnerabilities on cookies
37. Breaking Google Gears' Cross-Origin Communication Model
38. Flash Parameter Injection
39. Cross Environment Hopping
40. Exploiting Logged Out XSS Vulnerabilities
41. Exploiting CSRF Protected XSS
42. ActiveX Repurposing, (1, 2)
43. Tunneling tcp over http over sql-injection
44. Arbitrary TCP over uploaded pages
45. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
46. JavaScript Code Flow Manipulation
47. Common localhost dns misconfiguration can lead to "same site" scripting
48. Pulling system32 out over blind SQL Injection
49. Dialog Spoofing - Firefox Basic Authentication
50. Skype cross-zone scripting vulnerability
51. Safari pwns Internet Explorer
52. IE "Print Table of Links" Cross-Zone Scripting Vulnerability
53. A different Opera
54. Abusing HTML 5 Structured Client-side Storage
55. SSID Script Injection
56. DHCP Script Injection
57. File Download Injection
58. Navigation Hijacking (Frame/Tab Injection Attacks)
59. UPnP Hacking via Flash
60. Total surveillance made easy with VoIP phone
61. Social Networks Evil Twin Attacks
62. Recursive File Include DoS
63. Multi-pass filters bypass
64. Session Extending
65. Code Execution via XSS (1)
66. Redirector’s hell
67. Persistent SQL Injection
68. JSON Hijacking with UTF-7