Research
Current Research and Interests
Data Leaks
Web Application Security Vulnerabilities
SSJS Injection
- Time-Based PHP V8JS Injection & NoSQL/SSJS Injection (Paper)
- Testing for NoSQL injection - OWASP
- Node.js Server-Side JavaScript Injection Detection & Exploitation
Vulnerability Research
- CVE-2014-2875 (Predictable Session ID) in CGILua
- CVE-2010-3743 (Directory Traversal) in Visual Synapse HTTP Server
- CVE-2009-1464 (Arbitrary Command Execution via XSRF) in AAS
- CVE-2009-1465 (Undocumented Default Password) in AAS
- CVE-2009-1466 (Insecure Password Storage) in AAS
- CVE-2008-0409 (XSS) in HFS
- CVE-2008-0410 (Information Disclosure) in HFS
- CVE-2008-0405 (Log Arbitrary File/Directory Manipulation) in HFS
- CVE-2008-0406 (Denial-of-Service) in HFS
- CVE-2008-0407 (Username Spoofing) in HFS
- CVE-2008-0408 (Log Forging/Injection Vulnerability) in HFS
- Bugtraq ID 23645 (HTML Injection) in Google Talk