Adrian "vurlo" Junge

Welcome to my bug collection 🐛

CTF player, vulnerability researcher, and computer science student creating writeups, collecting CVEs, bounties, and notes from real targets and challenges. I poke things politely and occasionally convince software to confess.

Timeline About me

21 Posts 167 min read 10 CVEs 0 Bounties & more...

Latest notes

Discovering SQL Injections in Joomla with AI-Assisted Research

Security Research PHP SQLI Joomla AI-Assisted Auditing

How a manual SQLi hunt turned into an AI-assisted Joomla audit and two assigned CVEs.

2026-06-13 14 min read

Scanwich Station

Authored challenge Hard Pwn Web Challenge by vurlo

A table-side QR reader for hungry guests and suspicious menus. One special order can make the scanner serve more than dinner.

2026-06-05 14 min read 5 solves / 405 points

Funny Java Strings?

Security Research Java JVM Internals Security Research Memory

Java Strings are immutable, interned, optimized, and surprisingly easy to misunderstand when secrets are involved. This post digs into String pooling, reflection, Base64 copies, library APIs, and why ...

2026-05-27 8 min read