by Julien Ahrens | Wednesday, January 9, 2013 | Advisory
Another day, some new XSS flaws. At first the big fashion label Marc O’Polo fixed a major Cross-Site Scripting issue in their online shop system. Good news, because a malicious attacker was able to use this security hole to hijack (and steal) every account...
by Julien Ahrens | Sunday, December 30, 2012 | Conferences, General
The 29th annual Chaos Communication Congress under the slogan “Not my Department” arrived again in the most beautiful city in the world: Hamburg! The Congress moved from the Congress Center in Berlin, where people had to sit stacked (according to some...
by Julien Ahrens | Tuesday, November 27, 2012 | Advisory
In early November, I found several Cross-Site Scripting vulnerabilities on the official website of the Bavarian social democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office...
by Julien Ahrens | Wednesday, November 21, 2012 | General
Happy Birthday! Remember, remember, last year in November… My first post “Hello world” was born exactly one year ago, and many things have changed during the past 365 days. I have learned a lot about interesting security topics (and probably...
by Julien Ahrens | Monday, November 19, 2012 | Exploit
Here’s a working exploit for an already disclosed bug – including SafeSEH Bypass – and for the current version, which is still vulnerable. Sadly. #!/usr/bin/python # Exploit Title: Format Factory v3.0.1 Profile File Handling Buffer Overflow...
by Julien Ahrens | Friday, November 9, 2012 | Advisory
Inshell Security Advisory – 1. ADVISORY INFORMATION – Product: Zoner Photo Studio; Vendor URL: www.zoner.com; Type: Stack-based Buffer Overflow [CWE-121]; Date found: 2012-10-17; Date...
by Julien Ahrens | Friday, November 9, 2012 | Exploit
My last advisory IA42 “Zoner Photo Studio v15 Build3 (Zps.exe) Registry Value Parsing Local Buffer Overflow” looks like a general exploitable vulnerability, but it is quite interesting to exploit because there is a major memory protection in use: SafeSEH....
by Julien Ahrens | Wednesday, October 10, 2012 | Bug Bounty
Great news! A few months ago I submitted a Cross-Site Scripting Vulnerability to the official Bug Bounty program of PayPal: It was accepted, fixed, and fully paid out, and I was very excited about the nice bounty :-). Additionally this has been my first participation...
by Julien Ahrens | Sunday, September 30, 2012 | Advisory
Hamburg.de – The website of the most beautiful city in Germany, which is famous for its big port and its amazing atmosphere. Some days ago I found a Non-Persistent Cross-Site Scripting vulnerability on this website and informed the team of Hamburg.de about...
by Julien Ahrens | Sunday, September 23, 2012 | Exploit
First of all…thanks b33f from fuzzysecurity.com for your hint which helped a lot in solving the reliability issue of my last exploit 🙂 ! In my last article I wrote about a missing reliable way of executing shellcode. I received a mail from b33f about the...