Benjamin Daniel Mussler

Ix-Xgħajra, Malta
Karlsruhe, Germany

Technical notes, thoughts and vulnerability advisories sprinkled with the occasional proof-of-concept.


Recent Posts

SANS Holiday Hack 2015: Solutions & Answers

Technical solutions for the SANS Holiday Hack 2015, covering packet capture analysis, Local File Inclusion, NoSQL Injection, Remote Code Execution, binary exploitation & exploit development on Linux with gdb, bypassing canary and ASLR protection.

Stored XSS via Book Metadata

I have found a Stored Cross-Site Scripting (XSS) vulnerability on This post explains the issue and describes a possible venue of exploitation.