Florent Daignière's blog

  • CVE-2014-1409 or the sad tale of an XPath injection affecting mobileiron products

    23 Jun, 2014

    Following up on my last post about XPath injections, I will document part of the process we went through to exploit CVE-2014-1409 and hopefully convince a few that this category of bugs is no joke and should be looked for during pentests.

    So, what about it? Well, let me tell …