Adrian "vurlo" Junge

Welcome to my bug collection 🐛

CTF player, vulnerability researcher, and computer science student creating writeups, collecting CVEs, bounties, and notes from real targets and challenges. I poke things politely and occasionally convince software to confess.

Timeline About me

20 Posts 153 min read 10 CVEs 0 Bug bounties 2 Created Challenges 1 Certificates 10 Achievements

Featured work

Open Scanwich Station

Created challenge

Scanwich Station

2026-06-05 GPNCTF 2026 Hybrid web and pwn challenge about mass assignment, QR-code decoding, signed integer overflow, and GLIBC dynamic symbol poisoning. Published for GPNCTF 2026. 14 min read

CVE

Joomla CMS

High CVE-2026-48898 CWE-284 Privilege escalation through com_users batch task

Summary

Joomla CMS 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 were affected by an improper access check in the com_users batch task. Authenticated attackers could abuse the batch flow to escalate privileges.

Disclosure timeline

2026-04-03 Reported to the Joomla Security Strike Team.
2026-04-18 Confirmation of the issue and initial patch development.
2026-05-26 Fixed in Joomla CMS 5.4.6 and 6.1.1 and CVE assigned.

Open Hack The Box Certified Penetration Testing Specialist

Certificate

Hack The Box Certified Penetration Testing Specialist

2026-03-23 Certification Completed the HTB CPTS path and passed the practical exam on the first attempt, including a full penetration-test report for the exam environment. The work focused on disciplined enumeration, Active Directory attack paths, web findings, and reproducible reporting. 8 min read

Latest notes

Scanwich Station

Authored challengepwnweb Challenge by vurlo

A table-side QR reader for hungry guests and suspicious menus. One special order can make the scanner serve more than dinner.

2026-06-05 14 min read

Funny Java Strings?

JavaJVM InternalsSecurity ResearchMemory

Java Strings are immutable, interned, optimized, and surprisingly easy to misunderstand when secrets are involved. This post digs into String pooling, reflection, Base64 copies, library APIs, and why ...

2026-05-27 8 min read

xmalloc

pwn Challenge by ju256

All of our slot machines switched from using the very insecure libc heap implementation to something much more secure internally. Surely this new heap implementation is unbreakable :D

2026-05-25 11 min read