
John JEAN Posts

Amazon’s API cryptographic verification badly implemented

Written on: 2015/11/03
Author: John JEAN (@johnjean on Twitter)
Affected application: Amazon API
Evaluated Risk: Medium
Solution Status: A patch has been released which fixes these vulnerabilities
References: https://johnjean.io/2015/11/03/amazons-api-cryptographic-verification-badly-implemented/
References: https://github.com/PrestaShop/amzpayments/issues/13
CVE: N/A

IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) Admin account Takeover leading to code execution

Written on: 2013/05/02
Released on: 2013/05/13
Author: John JEAN (@johnjean on Twitter)
Affected application: Invision Power Board <= 3.4.4
Type of vulnerability: Logical Vulnerability / Bad Sanitization
Required information: Administrator's email
Evaluated Risk: Critical
Solution Status: A patch has been released which fixes these vulnerabilities
References: https://johnjean.io/2013/05/13/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution/
CVE: CVE-2013-3725

Facebook: XSS/CSRF worms on the social network (French version)

Written on: 2010/10/03
Released on: 2010/10/05
Author: John JEAN (@johnjean on Twitter)
Affected application: Facebook
Type of vulnerability: Logical Vulnerability / XSS / CSRF
Required information: Nothing
Evaluated Risk: Critical
Solution Status: Facebook patched this issue
References: https://johnjean.io/2010/10/05/facebook-vulnerabilites-csrf-et-xss-ver-destructeurs-sur-un-reseau-social/

Facebook: XSS / CSRF worms on the social network

Written on: 2010/10/03
Released on: 2010/10/05
Author: John JEAN (@johnjean on Twitter)
Affected application: Facebook
Type of vulnerability: Logical Vulnerability / XSS / CSRF
Required information: Nothing
Evaluated Risk: Critical
Solution Status: Facebook patched this issue
References: https://johnjean.io/2010/10/05/facebook-csrf-and-xss-vulnerabilities-destructive-worms-on-a-social-network/

WordPress Resource Exhaustion Exploit in all versions of WordPress

36. That is the number of lines of PHP in the exploit I have just tested with great interest.
4. That is the number of servers in a test cluster at work, all of which just stopped responding while I was testing this exploit. Insane. 01:25 is the time at which I am writing this post, so please forgive the spelling mistakes: this article is a bit of a "Breaking News".


PunBB <= 1.2.13 Multiple Vulnerabilities

Written on: 2006/10/10
Released on: 2006/10/29
Author: John JEAN (@johnjean on Twitter)
Affected application: PunBB <= 1.2.13
Evaluated Risk: Critical
Solution Status: A patch has been released which fixes these vulnerabilities
References: https://johnjean.io/2006/10/29/punbb-multiple-vulnerabilities/
CVE: CVE-2006-5735 / CVE-2006-5736 / CVE-2006-5737