Jesse's Blog

Jesse's Blog Hacks, links, projects, and more. metaconf/0.1 2025-06-14T00:32:29+0000 Jesse Sheehan https://sheehan.nz/ N-Spheres: a Faux-Synth Masterpiece https://sheehan.nz/blog/2024/12/15/n-spheres/ 2024-12-15

A really neat demo. This isn't something of mine; just something I thought was neat.

Congratulations! You've Won? https://sheehan.nz/blog/2024/07/29/congratulations-youve-won/ 2024-07-29

Let's see how an attacker could trick a user into giving up personal information.

Constructing a Career in XSS https://sheehan.nz/blog/2024/05/31/constructing-a-career-in-xss/ 2024-05-31

How a simple XSS bug could spell disaster for prospective employees for one of New Zealand's largest corporations.

Checkmate! Pwning the Database https://sheehan.nz/blog/2024/05/25/checkmate-pwning-the-database/ 2024-05-25

Creating custom modules for a CMS is a great way to add new features to your website. However, it pays to ensure that you've sanitised your inputs.

Book Shop Name Flop https://sheehan.nz/blog/2024/05/19/book-shop-name-flop/ 2024-05-19

Cross-site scripting is everywhere. Sometimes it makes you just want to read a good book to get away from it all...

Helping Oneself to the PII of 800,000 Users and More https://sheehan.nz/blog/2024/05/14/helping-oneself-to-the-pii-of-800000-users-and-more/ 2024-05-14

Why the server should never trust any data supplied by the client.

Architecting a Social Media Worm with XSS https://sheehan.nz/blog/2024/05/03/architecting-a-social-media-worm-with-xss/ 2024-05-03

Haven't you ever wanted to have more followers? Well now you can with a little help from cross-site scripting.

Having Some Fun With XSS https://sheehan.nz/blog/2024/04/28/having-some-fun-with-xss/ 2024-04-28

Sometimes a security issue isn't all that serious and you just want to have a bit of fun.

Customise Your Toy Shopping Experience with XSS https://sheehan.nz/blog/2024/04/21/customise-your-toy-shopping-experience-with-xss/ 2024-04-21

An example of why escaping HTML is important when rendering user-supplied data.

Deactivating Other People's Accounts on a Retail Website https://sheehan.nz/blog/2024/04/15/deactivating-other-peoples-accounts-on-a-retail-website/ 2024-04-15

Another reason to never trust that the user is who they say they are.

Change Other People's Avatars on a Retail Website https://sheehan.nz/blog/2024/04/06/change-other-peoples-avatars-on-a-retail-website/ 2024-04-06

Why you should ensure your endpoints' authorization and authentication have been thoroughly tested.

Your Order History: For All the World to See https://sheehan.nz/blog/2024/03/30/your-order-history-for-all-the-world-to-see/ 2024-03-30

When buggy access controls can leak your personal information.