Attacks always get better, never worse. That’s what probably what I’ll remember most about 2006. What a year it’s been in web hacking!

Here’s his list:

Web Browser Intranet Hacking / Port Scanning - (with JavaScript and with HTML-only and the improved model).

Internet Explorer 7 “mhtml:” Redirection Information Disclosure.

Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning.

Web Browser History Stealing - (with CSS, evil marketing, JS login-detection, and authenticated images).

Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3′.

Forging HTTP request headers with Flash.

Exponential XSS.

Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII).

Web Worms - (AdultSpace, MySpace, Xanga).

Hacking RSS Feeds.

Link1
http://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html
Link2
http://ha.ckers.org/blog/20061215/top-10-web-hacks-of-2006/