Profile cover photo
Profile photo
Jakub Zoczek
127 followers
127 followers
About
Jakub's posts

Post has attachment
[CTF] 9447 CTF web200 "nicklesndimes" write-up
That was really cool challenge on 9447 CTF from Web category. Task description: Nick's been eating your grandmother's strombomi. Head over to http://nicklesndimes-wq3mhu8l.9447.plumbing. Gain access to his admin account. So the task is to takeover admin  ac...

Post has attachment
[PL] Bypassing Same-Origin Policy - slajdy z 4Developers 2015
W poniedziałek 20.04.2015r. miałem przyjemność bycia prelegentem na konferencji 4Developers w ścieżce Security organizowanej przez SecuRing . Slajdy z prezentacji:  https://drive.google.com/file/d/0B7U6Q1zbqTkyOEY3TmRXWl8tODQ/view?usp=sharing Nagranie będzi...

Post has attachment
plupload - Same-Origin Method Execution [Wordpress 3.9 - 4.1.1]
This January I've found and reported XSS vulnerability in plupload, that affects Wordpress from 3.9 to 4.1.1.  As far as there was no ability to control arguments of function called - the "only" thing we could do with this issue was Same-Origin Method Execu...

Post has attachment
No i tyle ;-)

Post has attachment
evercookie.swf - Stored Cross-Site Scripting
Today  @samykamkar released new version of evercookie that fixes Stored Cross-Site Scripting issue that I reported. Here is how it works in details. First of all - we should check vulnerable code:  evercookie.as So - the flash file takes flashVar parameter ...

Post has attachment

Post has attachment
Yammer.com Same-Origin Method Execution :-) 

Post has attachment
yammer.com - Same Origin Method Execution
SOME ;-) time ago @BenHayak talked about Same-Origin Method Execution on BlackHat EU. At the time of posting this article, there's no public whitepaper yet (only leaked slides) - that's why I'd love to share one of first posts that show this attack in actio...

Post has attachment
NIESAMOWITE! 

Post has attachment
Listen and share! :-)
Wait while more posts are being loaded