Profile for joern
About joern
Fields
- Website
- https://0day.click
- Threema
- https://threema.id/K8J68WTX
Bio
Your mom's favorite hacker!
My other account is @joernchen
- Joined
- Posts
- 660
- Followed by
- 1124
- Following
- 260
Stats
Recent public posts
:(
Due to $reasons I came across this blogpost https://www.elttam.com/blog/env/ about turning ENV variables into code execution which is nice. But the Python vector is depending on Perl, I didn't like that :P.
Digging a bit deeper in the code often helps, so it did this time:
Looking at https://github.com/python/cpython/blob/d73634935cb9ce00a57dcacbd2e56371e4c18451/Lib/webbrowser.py#L51-L52 I could simplify the payload to:
PYTHONWARNINGS='module::antigravity.' BROWSER='sh -c id #%s' python whatever.py
Wheeee my presentation on parser differentials made it on the Top Ten Web Hacking Techniques of 2025
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
That little string
ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86
(see https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide ) is so much fun. I wonder when Anthropic will regret this and remove it.
Also I obviously wonder what else is there in terms of MAGIC_STRINGs which aren't documented.
Hat tip to @michenriksen for pointing me to this.
How many hours have you personally wasted by disassembling a binary file with the wrong CPU setting?
new year new meme
67 is so over. itβs time for 4οΈβ£ 5οΈβ£
For the Berlin peeps:
Iβll be playing some tunes tonight together with the amazing poco1oco, donβt miss out https://www.eschschloraque.de/vinyltrottel-02012026
So the big thing in Bug Bounty now seems to be letting an LLM generate artificial PoCs for "issues" within a trust boundary.
Basically what's submitted as proof would be a snippet of code demonstrating a library "vulnerability" where all further context is left out.
Happy cloudflare is down day to those who celebrate
Iβm slightly madβ¦.
What stands in my way of having a nice vulnerability is the apparent inability of certain LLMs to emit \r (carriage return). For some reason they keep emitting \n (newline) instead.
I found myself posting this little comic at work A LOT currently.
It's really interesting, especially in the context of (agentic) AI, how features can be bugs or even vulnerabilities and vice versa, depending on whom you ask about it. It's always the context which matters and a lot is personal preference/risk appetite of whoever is using the 'feature'.
I tend to advocate for secure defaults with an option to let anyone choose if they want to take the risk of e.g. AI 'yolo' mode.
So I just met someone in person a few days ago. They said: "Oooh you're busy looking into AI stuff lately? That's good so you wont bother $THING with vuln reports! :P"
Guess where I just found a nice vuln 
I found a thing (RCE) in langgraph. ;D
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
Want to hack AI things with me?
