Today I got bitten by a problem I've already encountered in the past... and as I didn't document it properly, I had to google it again! Let this blog entry be a more permanent documentation than the previous one.
Early in the morning, the supervision system has started alerting me …
It looks like Netflix has updated their geolocation code... attempting to prevent their users from watching content intended for other regions. This post explores a few technical avenues one might consider to bypass it.
Googling around, it becomes increasingly clear that many people are making a living out of selling …
Following up on my last post about XPath injections, I will document part of the process we went through to exploit CVE-2014-1409 and hopefully convince a few that this category of bugs is no joke and should be looked for during pentests.
So, what about it? Well, let me tell …
XPath injection bugs are relatively common in web applications, yet it's a vulnerability class ignored by the vast majority of pentesters.
I think that there is two main reasons for that:
This morning I have received a special spam, the kind that warrants a blog post.
It's interesting for several reasons: