by Julien Ahrens | Wednesday, January 9, 2013 | Advisory
Another day, some new XSS flaws. At first the big fashion label Marc O’Polo fixed a major Cross-Site Scripting issue in their online shop system. Good news, because a malicious attacker was able to use this security hole to hijack (and steal) every account...
by Julien Ahrens | Sunday, December 30, 2012 | Conferences, General
The 29th annual Chaos Communication Congress under the slogan “Not my Department” arrived again in the most beautiful city in the world: Hamburg! The Congress moved from the Congress Center in Berlin, where people had to sit stacked (according to some...
by Julien Ahrens | Tuesday, November 27, 2012 | Advisory
In early November, I found several Cross-Site Scripting vulnerabilites on the official website of the bavarian social democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office...
by Julien Ahrens | Wednesday, November 21, 2012 | General
Happy Birthday! Remember, remember, last year in November…My first post “Hello world” was born exactly one year ago, and many things have changed during the past 365 days. I have learned a lot on interesting security topics (and probably...
by Julien Ahrens | Monday, November 19, 2012 | Exploit
Here’s a working exploit for an already disclosed bug – including SafeSEH Bypass – and for the actual version, which is still vulnerable. Sadly. #!/usr/bin/python # Exploit Title: Format Factory v3.0.1 Profile File Handling Buffer Overflow...
