javahacker.com

The Java Hacker – Peter Jaric's Blog

Security

Crashing Skype with a Malicious URL

March 25, 2015 | March 26, 2015 | Peter Jaric | Security

Some time ago I noticed that it is possible to create Skype links for starting a chat with your account. This is how one of these URIs would look:

skype:#accountname/$*T;somenumber?chat

I started to play around with this and soon noticed […]

Using window.onerror to Brute-force Cross Domain Data (updated)

November 13, 2014 | November 14, 2014 | Peter Jaric | Programming, Security

Update: If you haven’t read the post before, please read the original post below. I got a lot of interesting comments on Twitter about this post, and among them the obvious problem that this approach is slow. Then it hit […]

Gateway to Heaven – a CloudFlare Vulnerability

January 31, 2014 | November 2, 2014 | Peter Jaric | Internet, Security

CloudFlare is a service that sits between the Internet and its customers’ web servers, protecting them and speeding them up. When I was visiting the web site of one of these customers I noticed something strange. The page was fetching […]

Open Chat Conversations in Halebop Support (Fixed)

December 29, 2013 | November 2, 2014 | Peter Jaric | Security

5 months ago I discovered that the Swedish telecom operator Halebop (a TeliaSonera operated brand) had a big problem in its support chat. After ending a support session, the customer could access the log of the session for later reference […]

Abusing the Solr local parameters feature – LocalParams injection

January 12, 2013 | November 2, 2014 | Peter Jaric | Internet, Security

Solr is an open source search platform built by the Apache project. You can read more about it at the Solr site, but I’ll go straight to the point. Quite a few sites have based their search functionality on Solr […]

The Sea Surfer – a Simple Tool for CSRF Vulnerability Detection and Proof-of-Concept Creation

May 23, 2012 | November 2, 2014 | Peter Jaric | Internet, Programming, Security

Lately I have taken an interest in web application security, as covered by OWASP. One common vulnerability in web applications is to be sensitive to CSRF attacks. I have made a small tool in the form of a bookmarklet to […]
