by Julien Ahrens | Saturday, May 25, 2013 | Advisory
I’ve reported an interesting Cross-Site Scripting flaw on the official website of ICQ, the world’s probably best known and most used Cross-Platform Messaging application to the developers in February. This flaw potentially allowed an attacker to steal...
by Julien Ahrens | Sunday, May 5, 2013 | Exploit
A few weeks ago, one of my followers asked me if I can help him writing a functional exploit for the current version of the Audio Media Player by ABBS because he’s experiencing problems with successfully exploiting a NULL-byte issue. All exploits that are...
by Julien Ahrens | Wednesday, May 1, 2013 | Certifications
As you may have noticed – it went quiet on my blog in the last few weeks. I was heavily working on the challenging Offensive-Security Labs to obtain my Offensive-Security Certified Professional (OSCP) certification. AND ! Yesterday! I received the mail...
by Julien Ahrens | Saturday, April 13, 2013 | Bug Bounty
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for...
by Julien Ahrens | Tuesday, March 26, 2013 | Advisory
That’s amazing bad. Where should I start? In July 2012 I’ve reported a critical SQL – Injection flaw on the official website of Lower Bavaria alongside another small XSS flaw to the owner of the website. The answer did not take that long asking for...
