Julien Ahrens
Patch Diffing CVE-2023-28121 to Compromise a WooCommerce
Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and…
5 min read · Jul 3, 2023

Julien Ahrens
WordPress Transposh: Exploiting a Blind SQL Injection via XSS
8 min read · Jul 22, 2022

Julien Ahrens
H1-4420: From Quiz to Admin — Chaining Two 0-Days to Compromise An Uber Wordpress
Chaining a Stored XSS and a SQL Injection to compromise an Uber Wordpress
4 min read · Sep 10, 2019

Julien Ahrens
About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
SSL Certificate Validation is Overrated
7 min read · Jun 20, 2019

Julien Ahrens
CVE-2018-7841: Schneider Electric U.Motion Builder Remote Code Execution 0-day
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a…
5 min read · May 13, 2019

Julien Ahrens
Dell KACE K1000 Remote Code Execution — the Story of Bug K1-18652
This is the story of an unauthenticated RCE affecting one of Dropbox’s in scope vendors during last year’s H1-3120 event. It’s one of my…
5 min read · Apr 9, 2019