webapp security

infosec

Stored XSS via Swish Transaction

Last week I went to the cinema with some friends. My friend paid for the ticket so I decided to use

infosec

Enumerating Cinema Tickets

This is a hack I disclosed around a year ago to the company in question. It involves the company SF, which has a

infosec

One.com CSRF and XSS

About a year ago I found a few vulnerabilities on the one.com website. For those of you that don't know, _one.com_ is

infosec

FitBit CSRF and XSS

A few months ago I bought a fitbit, which is a wristband tracking device.

infosec

Web Timing Attacks, Continued

Continuing on the subjects of timing attacks, I recently found a small

infosec

Getting timing output from CSRF exploits

I've been playing around with the idea of timing attacks lately. The way

infosec

Predicting .NET Guid.NewGuid()

.... is unfortunately rather difficult. GUID stands for [globally unique
