Julien Ahrens

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce
Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and…
Jul 3, 2023

WordPress Transposh: Exploiting a Blind SQL Injection via XSS
Jul 22, 2022

H1-4420: From Quiz to Admin — Chaining Two 0-Days to Compromise An Uber Wordpress
Chaining a Stored XSS and a SQL Injection to compromise an Uber Wordpress
Sep 10, 2019

About a Sucuri RCE…and How Not to Handle Bug Bounty Reports
SSL Certificate Validation is Overrated
Jun 20, 2019

CVE-2018-7841: Schneider Electric U.Motion Builder Remote Code Execution 0-day
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a…
May 13, 2019

Dell KACE K1000 Remote Code Execution — the Story of Bug K1-18652
This is the story of an unauthenticated RCE affecting one of Dropbox’s in scope vendors during last year’s H1-3120 event. It’s one of my…
Apr 9, 2019