javahacker.com

The Java Hacker – Peter Jaric's Blog

Category: Internet

Gateway to Heaven – a CloudFlare Vulnerability

CloudFlare is a service that sits between the Internet and its customers’ web servers, protecting them and speeding them up. When I was visiting the web site of one of these customers I noticed something strange. The page was fetching content (JavaScript and CSS files) via a URL that looked something like this: http://example.com/cdn-cgi/pe/bag?r[]=http://example.com/some.css&r[]=http://example.com/some.css (If you, […]

Abusing the Solr local parameters feature – LocalParams injection

Solr is an open source search platform built by the Apache project. You can read more about it at the Solr site, but I’ll go straight to the point. Quite a few sites have based their search functionality on Solr and many of them suffer from a small problem, which I call “LocalParams injection” for […]

The Sea Surfer – a Simple Tool for CSRF Vulnerability Detection and Proof-of-Concept Creation

Lately I have taken an interest in web application security, as covered by OWASP. One common weakness in web applications is being vulnerable to CSRF attacks. I have made a small tool in the form of a bookmarklet to detect CSRF vulnerabilities and create proof-of-concept exploits. It is very simple, but it does the […]

Aardvark and answers that do not answer the question

Recently Google announced that they have acquired Aardvark, a service that finds the right person to answer any question you might have. I’ve used it frequently for a little while, and while I think it is a very cool idea and answering questions is quite addictive, I think there is a problem with the quality […]

New InfoGlue Forum

I have been working with the CMS InfoGlue for a while now and one thing that has been seriously lacking is a large community. To help begin building the foundation of a community, I have been pushing for a central official InfoGlue forum and finally we have got it together. Please visit the forum […]

EnBil.nu

My friend Jonatan and his friend Robert released their new site EnBil.nu yesterday! It aggregates most of Sweden’s car rental sites into one easy-to-use site. In their own words (translated from Swedish): Our hope is that EnBil.nu will be the best site for searching for rental cars in Sweden, and we actually dare to claim that this […]

Google bug?

Try these Google searches: basket “peter.jaric” basket +”peter.jaric” They return different results, and the second one, the one with a plus sign, returns a lot more. Why is that? Note that these two searches don’t differ: basket “peter jaric” basket +”peter jaric” So there is some problem when using a dot instead of a space. The […]