Some time ago I noticed that it is possible to create Skype links for starting a chat with your account. This is how one of these URIs would look: skype:#accountname/$*T;somenumber?chat I started to play around with this and soon noticed that if you changed the “T” to a “U” and opened the URL in your […]
Update: If you haven’t read the post before, please read the original post below. I got a lot of interesting comments on Twitter about this post, and among them the obvious problem that this approach is slow. Then it hit me, I can do this as a binary search to make it much more efficient. […]
CloudFlare is a service that sits between the Internet and its customers’ web servers, protecting them and speeding them up. When I was visiting the web site of one of these customers I noticed something strange. The page was fetching content (JavaScript and CSSes) via a URL that looked something like this: http://example.com/cdn-cgi/pe/bag?r[]=http://example.com/some.css&r[]=http://example.com/some.css (If you, […]
5 months ago I discovered that the Swedish telecom operator Halebop (a TeliaSonera operated brand) had a big problem in its support chat. After ending a support session, the customer could access the log of the session for later reference via an URL on the form: https://…halebop.se/…path?ID=[id]&_sid=[sid] It turned out that the _sid parameter didn’t […]
Solr is an open source search platform built by the Apache project. You can read more about it at the Solr site, but I’ll go straight to the point. Quite a few sites has based their search functionality on Solr and many of them suffer from a small problem, that I call “LocalParams injection” for […]
Lately I have taken an interest in web application security, as covered by OWASP. One common vulnerability in web applications is to be sensitive to CSRF attacks. I have made a small tool in the form of a bookmarklet to detect CSRF vulnerabilities and create proof-of-concept exploits. It is very simple, but it does the […]