Florent Daignière's blog

  • Exploiting XPath injection vulnerabilities with XCat

    21 Jun, 2014

    XPath injection bugs are relatively common in web applications, yet it's a vulnerability class ignored by the vast majority of pentesters.

    I think that there is two main reasons for that:

    • The tooling to exploit this type of vulnerabilities sucks.
    • There is very few documented cases of "useful" bugs ...
  • Is SantanderUK compromised?

    25 Mar, 2014

    This morning I have received a special spam, the kind that warrants a blog post.

    It's interesting for several reasons:

    • It has my name in the Subject Header
    • It came through an address that I have only given to my bank
    • It uses a clever old-school trick to avoid ...
  • Hello world!

    21 Mar, 2014

    This is our first post!! A classic

    print("HELO world!")
    

    See you soon ;)

  • ←   newer