Julien Ahrens – Medium

Julien Ahrens

Patch Diffing CVE-2023–28121 to Compromise a WooCommerce

Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and…

5 min readJul 3, 2023

--

Patch Diffing CVE-2023–28121 to Compromise a WooCommerce

--

Julien Ahrens

WordPress Transposh: Exploiting a Blind SQL Injection via XSS

Introduction

8 min readJul 22, 2022

--

WordPress Transposh: Exploiting a Blind SQL Injection via XSS

--

Julien Ahrens

H1–4420: From Quiz to Admin — Chaining Two 0-Days to Compromise An Uber Wordpress

Chaining a Stored XSS and a SQL Injection to compromise an Uber Wordpress

4 min readSep 10, 2019

--

H1–4420: From Quiz to Admin — Chaining Two 0-Days to Compromise An Uber Wordpress

--

Julien Ahrens

About a Sucuri RCE…and How Not to Handle Bug Bounty Reports

SSL Certificate Validation is Overrated

7 min readJun 20, 2019

--

About a Sucuri RCE…and How Not to Handle Bug Bounty Reports

--

Julien Ahrens

CVE-2018-7841: Schneider Electric U.Motion Builder Remote Code Execution 0-day

I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018–7841) on an IoT device which was apparently using a…

5 min readMay 13, 2019

--

CVE-2018-7841: Schneider Electric U.Motion Builder Remote Code Execution 0-day

--

Julien Ahrens

Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652

This is the story of an unauthenticated RCE affecting one of Dropbox’s in scope vendors during last year’s H1–3120 event. It’s one of my…

5 min readApr 9, 2019

--

Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652

--

Julien Ahrens

Julien Ahrens

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member | on a world-trip

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams