Florent Daignière's blog

CVE-2014-1409 or the sad tale of an XPath injection affecting mobileiron products 23 Jun, 2014 Following up on my last post about XPath injections, I will document part of the process we went through to exploit CVE-2014-1409 and hopefully convince a few that this category of bugs is no joke and should be looked for during pentests. So, what about it? Well, let me tell …

Florent Daignière