javahacker.com

The Java Hacker – Peter Jaric's Blog

Peter Jaric

Gateway to Heaven – a CloudFlare Vulnerability

January 31, 2014 | November 2, 2014 | Peter Jaric | Internet, Security

CloudFlare is a service that sits between the Internet and its customers’ web servers, protecting them and speeding them up. When I was visiting the web site of one of these customers I noticed something strange. The page was fetching […]

Open Chat Conversations in Halebop Support (Fixed)

December 29, 2013 | November 2, 2014 | Peter Jaric | Security

5 months ago I discovered that the Swedish telecom operator Halebop (a TeliaSonera operated brand) had a big problem in its support chat. After ending a support session, the customer could access the log of the session for later reference […]

Agessa’s World – a game where the interface consists of only alert(), confirm() and prompt()

July 23, 2013 | November 2, 2014 | Peter Jaric | Games, Programming

A while ago I asked myself: who uses alert() for anything but debugging in web applications nowadays? It didn’t take long to go from that question to the idea that I should make something that uses only native dialogs, just […]

Linkifying robots.txt

January 26, 2013 | November 2, 2014 | Peter Jaric | Uncategorized

I find it quite fun to look for vulnerabilities in websites and then report them (to hopefully gain a bug bounty or at least a place on a Hall of Fame list). One place to find interesting stuff is in […]

Abusing the Solr local parameters feature – LocalParams injection

January 12, 2013 | November 2, 2014 | Peter Jaric | Internet, Security

Solr is an open source search platform built by the Apache project. You can read more about it at the Solr site, but I’ll go straight to the point. Quite a few sites have based their search functionality on Solr […]

Sea Surfer v2

June 16, 2012 | November 2, 2014 | Peter Jaric | Uncategorized

A little while ago I made a bookmarklet called the Sea Surfer for detecting and exploiting CSRF vulnerabilities. Since then I have got some feedback from Ashar Javed which has prompted me to create a slightly improved version. Sea Surfer […]

The Sea Surfer – a Simple Tool for CSRF Vulnerability Detection and Proof-of-Concept Creation

May 23, 2012 | November 2, 2014 | Peter Jaric | Internet, Programming, Security

Lately I have taken an interest in web application security, as covered by OWASP. One common vulnerability in web applications is to be sensitive to CSRF attacks. I have made a small tool in the form of a bookmarklet to […]

Meeting Notes #1

May 17, 2012 | November 2, 2014 | Peter Jaric | Uncategorized

I often draw something when I attend meetings at work. It helps me concentrate and it’s fun. I’ll upload some of these drawings here. Here’s the first one:

Fun with JavaScript: count parentheses

April 19, 2012 | November 2, 2014 | Peter Jaric | Programming

Yesterday, I wrote a JavaScript function that returned another function. At one place I wanted to call the returned function immediately, resulting in code looking somewhat like this: When seeing that code, I asked myself: would it be possible to […]

Citerus Programming Challenge at JFokus 2011

February 16, 2011 | November 2, 2014 | Peter Jaric | Uncategorized

The company Citerus held a programming competition at the JFokus 2011 developer conference. I was one of the more than 100 contestants. Read more about it at http://www.citerus.se/post/vinnare (in Swedish). I have included both the winning solution from Carin Lidberg […]
