Dec 14, 2022Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashesBackground As some might know, I work as a medical doctor (general practitioner) by day and as a security researcher by night. One of my goals in ethical hacking is to learn as much as possible in order to be able to audit myself healthcare products, apps, websites or infrastructure. Is…Hacking11 min readHacking11 min read
Aug 6, 2020Blind SQL Injection at fasteditor.hema.comBackground These days almost every website uses a database. A server application will formulate a query that is send to the database whenever a visitor requests data from the site. The programming language used in those queries is often SQL. …Sql Injection10 min readSql Injection10 min read
Aug 6, 2020Reflected XSS at fotoservice.hema.nlBackground Reflected XSS bugs are great fun to find; they are everywhere and the impact can be big if the injected payload is carefully crafted. Today we will try to find a Reflected XSS bug and craft a custom payload for it. …Bug Bounty11 min readBug Bounty11 min read
May 12, 2020Stored XSS in Paytium 3.0.13 WordPress PluginBackground With a 60% market share WordPress is the most used CMS at this moment. Out of the box WordPress is just a blog. But by installing some plugins you’re able to convert it into a webshop, a crowd funding platform or even a mind reader. Everyone can create and…Security6 min readSecurity6 min read
Apr 6, 2019Email content spoofing at IKEA.comBackground Previously we discussed XSS, open redirect bugs and unrestricted file uploads. Today we will focus on email content spoofing. Phishing someone is way more easy if we are able to send emails from the servers of a well known brand. The email looks legitimate, is digitally signed by the…Security4 min readSecurity4 min read
Apr 4, 2019Leaked Salesforce API access token at IKEA.comBackground Previously we discussed a Local File Inclusion bug at IKEA.com, the bug was quite complicated and showed us that you have to think out of the box in order to exploit it. This time we will learn how a relative simple and easy to spot bug can have a…IKEA6 min readIKEA6 min read
Oct 7, 2018Persistent XSS (unvalidated Open Graph embed) at LinkedIn.comAre you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background In my previous report we learned more about a special type of the persistent XSS attack; the unvalidated oEmbed attack. …Linked In8 min readLinked In8 min read
Oct 4, 2018Persistent XSS (Unvalidated oEmbed) at Medium.comAre you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background In one of our previous reports we learned more about reflected XSS; the downside of this attack is that we need to trick an user in visiting…Security9 min readSecurity9 min read
Sep 19, 2018Local file inclusion at IKEA.comAre you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background With a local file inclusion (LFI) attack you trick the server into sharing its private files. Think of the configuration, log and source code files of the…Security11 min readSecurity11 min read
Sep 17, 2018Reflected XSS at Philips.comAre you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background As we learned from previous reports, XSS attacks can have a high impact; you are able to steal cookies, attack the browser of a visitor or use…Bug Bounty8 min readBug Bounty8 min read
