Jan 24Unleashing the power of CSS injection: The access key to an internal APIIn this write-up, we will be explaining a vulnerability that was discovered in an online accounting application. The vulnerability was a CSS injection flaw that could be exploited in the application’s PDF generator. …Cybersecurity4 min readCybersecurity4 min read
Feb 5, 2021Escalating SSRF to RCERetrieving AWS metadata and use it for RCE — Recently, I stumbled upon a SSRF vulnerability allowing retrieval of the Amazon metadata for the EC2 instance running the vulnerable software. But how to proceed and turn the SSRF into RCE? When researching a web application, I stumbled upon an endpoint which allowed me to perform SSRF. I’ll use the endpoint http://example.com/fetch?url=[path] as example.Security4 min readSecurity4 min read
Jul 11, 2018Stored XSS on funda, funda desk and funda emailsSince a few months, my girlfriend and I are looking for a house to buy. The housing market is going crazy in the Netherlands at this moment. Prices go beyond limits and houses are being sold within approximately 2 weeks after being available on the market. One of the best-known…Hacking4 min readHacking4 min read
Mar 23, 2018Personal data of all Dutch public transport cards (“OV-Chipkaart”) accessibleDecember 19, 2017, an article on Tweakers.net was published about a publicly accessible form showing the balance and the date of last activity of any public transport card you fill in. Short after this article being published a comment on the article stated that the date of birth of the…Hacking4 min readHacking4 min read
