by Julien Ahrens | Friday, November 13, 2020 | Bug Bounty
This is the story about how I’ve chained a seemingly uninteresting request smuggling vulnerability with an even more uninteresting header-based XSS to redirect network-internal web site users without any user interaction to arbitrary pages. This post also...
by Julien Ahrens | Monday, September 14, 2020 | Advisory, CVE
You have probably read one or more blog posts about SSRFs, many being escalated to RCE. While this might be the ultimate goal, this post is about an often overlooked impact of SSRFs: application logic impact. This post will tell you the story about an unauthenticated...
by Julien Ahrens | Wednesday, July 22, 2020 | Bug Bounty
What Do Bug Bounty Platforms Store About Their Hackers? I do care a lot about data protection and privacy things. I’ve also been in the situation, where a bug bounty platform was able to track me down due to an incident, which was the initial trigger to ask...
by Julien Ahrens | Tuesday, September 10, 2019 | Bug Bounty
TL;DR While doing recon for H1-4420, I stumbled upon a WordPress blog that had a plugin enabled called SlickQuiz. Although the latest version 1.3.7.1 was installed and I haven’t found any publicly disclosed vulnerabilities, it still somehow sounded like a bad...
by Julien Ahrens | Thursday, June 20, 2019 | Bug Bounty
TL;DR Sucuri is a self-proclaimed “most recommended website security service among web professionals” offering protection, monitoring and malware removal services. They ran a Bug Bounty program on HackerOne and also blogged about how important...
