This article presupposes a basic understanding of how function calls and stacks work. If you'd like to learn or need a refresher, Wikipedia is always a good place to start.
Referencing uninitialized memory is a fairly common programming mistake that can cause a variety of seemingly bizarre behaviors ...
Last May, I wrote about a remote password disclosure vulnerability I found in a proprietary protocol used to control ~150 different low-end IP cameras. The exploit I wrote was tested on the Rosewill RXS-3211, a rebranded version of the Edimax IC3005. The vulnerability remained unpatched in the RXS-3211 until July ...
Today's post is kind of long, so I thought I should warn you in advance by adding an additional paragraph for you to read. I also wanted to provide download links for those who'd rather just read the code. It isn't the cleanest code in the world ...
This is a short post documenting the vulnerability I inadvertently found yesterday in the 1 Flash Gallery plugin, which has since been patched. This plugin has been downloaded an estimated 460,000 times, and as of yesterday was ranked by Wordpress as the 17th most popular plugin (although I'm ...
So after a ridiculously long period of procrastination, I finally got around to updating Sergio Proxy to make it remotely usable. I was never very happy with how the initial code turned out, but given that it was hacked out in a couple days just to ...
When I first started on this post, I intended to write about some fun things one can do with a $30 Rosewill IP camera (RXS-3211). While I still intend to do this in the near future, I decided instead to document an interesting password disclosure vulnerability I found that appears ...
Well, here were are, about three months since I initially released d0z.me, and I've finally gotten away from school and life for a bit this week and updated it. However, I think it was definitely worth the wait. You can grab the code over at d0z.me's ...
Hey all, Dreamhost informed me today that they received complaints regarding d0z.me, which was not wholly unexpected. I would certainly have appreciated ...
This post documents an XSS vulnerability that I discovered in the default Gmail app (v1.3) provided by Google in Android 2.1 and prior. All versions included in Android up to and including 2.1 seem to be affected, but the bug was unintentionally patched in Froyo (2.2 ...
This post documents an XSS vulnerability I discovered in the event tracking functionality provided by Google Analytics. Given a website's Google account number (which can be found in the site source), one could spoof specially crafted events that, when clicked in the administrative interface, would run arbitrary Javascript in ...