Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.
© All rights reserved.
webapp security
Stored XSS via Swish Transaction
Last week I went to the cinema with some friends. My friend paid for the ticket so I decided to use
ReadEnumerating Cinema Tickets
This is a hack I disclosed around a year ago to the company in question. It involves the company SF, which has a
ReadOne.com CSRF and XSS
About a year ago I found a few vulnerabilities on the one.com website. For those of you that don't know, _one.com_ is
ReadWeb Timing Attacks, Continued
Continuing on the subjects of timing attacks, I recently found a small
ReadGetting timing output from CSRF exploits
I've been playing around with the idea of timing attacks lately. The way
ReadPredicting .NET Guid.NewGuid()
.... is unfortunately rather difficult. GUID stands for [globally unique
Read