Wednesday, 21 December 2016

SQL Injection in Frappe Framework

During a university project Fabin Ullrich and I discovered a SQL Injection vulnerability in the open source web framework frappe (

The issue was fixed within one day after contacting the maintainer (fixed version: 2.1.28).

This blog post is a placeholder for a full disclosure, which will follow next year. Stay tuned!

Friday, 7 October 2016

Join the beta program for RF Analyzer

It took me quite some time to get the new RF Analyzer version done (I had a lot of other things going on, mainly studying for my master's...).
Now I want to get back to releasing new versions more regularly, and therefore I started a beta program to ensure the stability of the app does not suffer.

Here is the link to join the beta program:

If you didn't get the app from Google Play, the beta is also available on GitHub:

Version 1.13 will contain many bugfixes (collected over the year) and also the promised bookmark feature. For the future I plan to support the SDRplay and include digital demodulation modes (PSK31, ...).

Changelog for version 1.13:
 - Bookmark frequencies
 - Including hackrf_android 1.12 (support for rad1o)
 - Select unit for frequency and bandwidth (MHz,kHz,Hz) in jump dialog
 - Many bugfixes

At this point I want to thank everyone who contacted me and provided me with a ton of feedback and bug reports! Please keep it up!