Some weeks ago I performed a blackbox penetration test for a German financial institution. And this story started like “hello, may I help you? Yes, please execute my code on your server”.

Last week I’ve been searching for security issues on eBay websites. This time I found a controller which was prone to remote code execution due to a type-cast issue in combination with complex curly syntax. Since these techniques are less known and less discussed, I found it interesting enough to blog about it.

During my latest bug hunting on subdomains of eBay I found an exploitable SQL injection which I promptly reported to eBay’s security team. After my initial contact it took 20 days until they finally fixed the SQL injection issue.

I am currently researching several analytics and tracking scripts on major websites. During this I found an issue which had impact on all subdomains running on *.Redhat.com.

Some weeks ago I took a deeper look into the JavaScript files used on the SAP.COM main website. During this I found that SAP is tracking the referer and clicks of their visitors by a script named “trackinghelper.js”. I’ve reported the full details of my research to the SAP security team. After they fixed the vulnerability they sent me a gift for my responsible disclosure. This was already the 3rd time that I got a gift from SAP for security-related research.