Benjamin Daniel Mussler

Ix-Xgħajra, Malta
Karlsruhe, Germany

Technical notes, thoughts and vulnerability advisories sprinkled with the occasional proof-of-concept.

WEB@FL7.DE
PGP (0xE0DEFE1F)

Recent Posts

SANS Holiday Hack 2015: Solutions & Answers

Technical solutions for the SANS Holiday Hack 2015, covering packet capture analysis, Local File Inclusion, NoSQL Injection, Remote Code Execution, binary exploitation & exploit development on Linux with gdb, bypassing canary and ASLR protection.

Amazon.com Stored XSS via Book Metadata

I have found a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com. This post explains the issue and describes a possible avenue of exploitation.