javahacker.com

The Java Hacker – Peter Jaric's Blog

Category: Security

Crashing Skype with a Malicious URL

Some time ago I noticed that it is possible to create Skype links for starting a chat with your account. This is how one of these URIs would look: skype:#accountname/$*T;somenumber?chat I started to play around with this and soon noticed that if you changed the “T” to a “U” and opened the URL in your […]

Using window.onerror to Brute-force Cross Domain Data (updated)

Update: If you haven’t read the post before, please read the original post below. I got a lot of interesting comments on Twitter about this post, and among them the obvious problem that this approach is slow. Then it hit me, I can do this as a binary search to make it much more efficient. […]

Gateway to Heaven – a CloudFlare Vulnerability

CloudFlare is a service that sits between the Internet and its customers’ web servers, protecting them and speeding them up. When I was visiting the web site of one of these customers I noticed something strange. The page was fetching content (JavaScript and CSSes) via a URL that looked something like this: http://example.com/cdn-cgi/pe/bag?r[]=http://example.com/some.css&r[]=http://example.com/some.css (If you, […]

Open Chat Conversations in Halebop Support (Fixed)

5 months ago I discovered that the Swedish telecom operator Halebop (a TeliaSonera operated brand) had a big problem in its support chat. After ending a support session, the customer could access the log of the session for later reference via an URL on the form: https://…halebop.se/…path?ID=[id]&_sid=[sid] It turned out that the _sid parameter didn’t […]

Abusing the Solr local parameters feature – LocalParams injection

Solr is an open source search platform built by the Apache project. You can read more about it at the Solr site, but I’ll go straight to the point. Quite a few sites has based their search functionality on Solr and many of them suffer from a small problem, that I call “LocalParams injection” for […]

The Sea Surfer – a Simple Tool for CSRF Vulnerability Detection and Proof-of-Concept Creation

Lately I have taken an interest in web application security, as covered by OWASP. One common vulnerability in web applications is to be sensitive to CSRF attacks. I have made a small tool in the form of a bookmarklet to detect CSRF vulnerabilities and create proof-of-concept exploits. It is very simple, but it does the […]