Jan 24Unleashing the power of CSS injection: The access key to an internal APIIn this write-up, we will be explaining a vulnerability that was discovered in an online accounting application. The vulnerability was a CSS injection flaw that could be exploited in the application’s PDF generator. We will explain to you how we discovered the vulnerability and how we were able to exploit…Cybersecurity4 min readCybersecurity4 min read
Feb 5, 2021Escalating SSRF to RCERetrieving AWS metadata and use it for RCE — Recently, I stumbled upon a SSRF vulnerability allowing retrieval of the Amazon metadata for the EC2 instance running the vulnerable software. But how to proceed and turn the SSRF into RCE? When researching a web application, I stumbled upon an endpoint which allowed me to perform SSRF. I’ll use the endpoint http://example.com/fetch?url=[path] as example.Security4 min readSecurity4 min read
Jul 11, 2018Stored XSS on funda, funda desk and funda emailsSince a few months, my girlfriend and I are looking for a house to buy. The housing market is going crazy in the Netherlands at this moment. Prices go beyond limits and houses are being sold within approximately 2 weeks after being available on the market. One of the best-known…Hacking4 min readHacking4 min read
Mar 23, 2018Personal data of all Dutch public transport cards (“OV-Chipkaart”) accessibleDecember 19, 2017, an article on Tweakers.net was published about a publicly accessible form showing the balance and the date of last activity of any public transport card you fill in. Short after this article being published a comment on the article stated that the date of birth of the…Hacking4 min readHacking4 min read
