Notes/writeups
These are some notes/writeups, right now mostly about interesting (and now-public) security vulnerabilities I've found over the years.
- WordPress OpenID plugin: authentication bypass - the sad story of the error message who wanted to do things right. (2016)
- 404-to-301 (WordPress plugin): stored XSS - where I missed the forest for the trees. (2016)
- sudo: digest race condition - vulnerability discovery by means of reading the documentation. (2015)
- gitlab: fun with paths - why yes, my name is '..', I'm so glad you asked. (2015)
- vmchecker: code execution, auth bypass - where I forgot my password and was delighted to discover I didn't need it after all. (2014)
- mysql: heap memory exposure, DoS - a wretched tale of missing sanity checks, integer overflows, pointer arithmetic horrors, and the perils of competing vendors. (2013)
- NetworkMiner: directory traversal - a reminder that, no matter how much input sanitization you might sprinkle around your code, someone will always find the one place where you don't get it quite right. (2013)
- wireshark: several vulnerabilities - where I learnt ways to confound those monitoring my network traffic, and that parsers should not be written in C. (2013)