WTF is DIME again? - writing a scanning tool for my HP LaserJet

- project reversing
TL;DR: I got pissed with HPLIP not working, then the HP Smart app requiring account registration and reverse engineered the network communication and the HP Smart app to develop a tool called HPSimpleScan written in Go, that can be used to scan (not only) from this printer. In the process I’ve written a Kaitai Struct definition of the long-forgotten DIME format and contributed it to the Kaitai Struct formats repo. Read more...

Chaining postMessage XSS on active24.cz

- xss bugbounty
I manage a few websites and domains with the hosting provider active24.cz, one time I decided to take a closer look at their security. After a while of fiddling around I noticed a bunch of postMessages flowing between support.active24.cz and active24.cz origins every time the page was loaded, it was the live support chat system they were using. The main page was iframing https://support.active24.cz/scripts/generateWidget.php and then included a script to communicate with it, handing over information like user ID, if the user is logged in etc. Read more...

The time I found a persistent DOM XSS on DuckDuckGo

- xss bugbounty
In the summer of 2020, I found a not-so-interesting but impactful XSS on the DuckDuckGo search engine. I looked into the security of their Cloud Save feature, which lets you have your preferences (colour scheme, styles etc.) saved and then restored in a privacy-friendly way using a passphrase. The passphrase gets hashed and is used as an API key to access them. I enumerated all the possible options you can save in the preferences object and found two interesting ones. Read more...