by Julien Ahrens | Monday, September 14, 2020 | Advisory, CVE
You have probably read one or more blog posts about SSRFs, many being escalated to RCE. While this might be the ultimate goal, this post is about an often overlooked impact of SSRFs: application logic impact. This post will tell you the story about an unauthenticated...
by Julien Ahrens | Wednesday, July 22, 2020 | Bug Bounty
What Do Bug Bounty Platforms Store About Their Hackers? I do care a lot about data protection and privacy things. I’ve also been in the situation, where a bug bounty platform was able to track me down due to an incident, which was the initial trigger to ask...
by Julien Ahrens | Tuesday, September 10, 2019 | Bug Bounty
TL;DR While doing recon for H1-4420, I stumbled upon a WordPress blog that had a plugin enabled called SlickQuiz. Although the latest version 1.3.7.1 was installed and I haven’t found any publicly disclosed vulnerabilities, it still somehow sounded like a bad...
by Julien Ahrens | Thursday, June 20, 2019 | Bug Bounty
TL;DR Sucuri is a self-proclaimed “most recommended website security service among web professionals” offering protection, monitoring and malware removal services. They ran a Bug Bounty program on HackerOne and also blogged about how important...
by Julien Ahrens | Monday, May 13, 2019 | CVE, Exploit
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a component provided by Schneider Electric called U.Motion Builder. While I’ve found it using my usual BurpSuite foo, I later...
