by Julien Ahrens | Saturday, June 8, 2013 | Advisory
Earlier this year, I’ve reported 7 XSS flaws on different pages of the Dutch MSN Entertainment site to the Microsoft Security Response Center (MSRC case #14103cl) and immediately received a response – not as fast as HP did previously on my HP IMC flaw...
by Julien Ahrens | Saturday, May 25, 2013 | Advisory
I’ve reported an interesting Cross-Site Scripting flaw on the official website of ICQ, the world’s probably best known and most used Cross-Platform Messaging application to the developers in February. This flaw potentially allowed an attacker to steal...
by Julien Ahrens | Sunday, May 5, 2013 | Exploit
A few weeks ago, one of my followers asked me if I can help him writing a functional exploit for the current version of the Audio Media Player by ABBS because he’s experiencing problems with successfully exploiting a NULL-byte issue. All exploits that are...
by Julien Ahrens | Wednesday, May 1, 2013 | Certifications
As you may have noticed – it went quiet on my blog in the last few weeks. I was heavily working on the challenging Offensive-Security Labs to obtain my Offensive-Security Certified Professional (OSCP) certification. AND ! Yesterday! I received the mail...
by Julien Ahrens | Saturday, April 13, 2013 | Bug Bounty
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for...
