Profile

Cover photo
James Kettle
Works at PortSwigger Web Security
414,634 views
AboutPostsPhotos

Stream

James Kettle

Shared publicly  - 
 
Reviewing bug bounties - a hacker's perspective
A prospective bug bounty hunter today has very little information on which to base his or her decision about which programs to participate in. There's a dramatic horror story every few months and that's about it. This is unfortunate because bounty hunting i...
A prospective bug bounty hunter today has very little information on which to base his or her decision about which programs to participate in. There's a dramatic horror story every few months and that's about it. This is unfo...
1
Add a comment...

James Kettle

Shared publicly  - 
 
Server-Side Template Injection
I've written up a novel technique to get RCE on webservers - Server-Side Template Injection - over at http://blog.portswigger.net/2015/08/server-side-template-injection.html
I've written up a novel technique to get RCE on webservers - Server-Side Template Injection - over at http://blog.portswigger.net/2015/08/server-side-template-injection.html
1
Add a comment...

James Kettle

Shared publicly  - 
 
Comma Separated Vulnerabilities
My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at: http://contextis.co.uk/blog/comma-separated-vulnerabilities/ Please note I no longer work at Context.
My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at: http://contextis.co.uk/blog/comma-separated-vulnerabilities/ Please note I no longer work at Context.
1
Add a comment...

James Kettle

Shared publicly  - 
 
Exploiting Uber and Piwik with adapted AngularJS payloads
I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As usual, I've published it on blog.portswigger.nethttp://blog.portswi...
I don't normally blog about bug bounty findings, but I recently found a couple on Piwik and Uber based on AngularJS template injection that have some interesting technical subtleties. As usual, I've published it on blog.ports...
1
Add a comment...

James Kettle

Shared publicly  - 
 
Exploiting Path Relative Style-Sheet Imports (PRSSI)
I've posted a detailed breakdown of how to succesfully exploit path-relative stylesheet imports and navigate the associated pitfalls over at http://blog.portswigger.net/2015/02/prssi.html
I've posted a detailed breakdown of how to succesfully exploit path-relative stylesheet imports and navigate the associated pitfalls over at http://blog.portswigger.net/2015/02/prssi.html
1
Add a comment...

James Kettle

Shared publicly  - 
 
Comma Separated Vulnerabilities
My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at:  http://contextis.co.uk/blog/comma-separated-vulnerabilities/ Please note I no longer work at Context.
My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at: http://contextis.co.uk/blog/comma-separated-vulnerabilities/ Please note I no longer work at Context.
1
Add a comment...
Work
Occupation
Information Security
Skills
Breaking web applications
Employment
  • PortSwigger Web Security
    Head of Research, present
Contact Information
Home
Email
Work
Email