ous">
User Profile

Me

bl4de

About

Software engineer by day, Bug Bounty Hunter, CTF player and h4ck3R by night :) eJPT, eWPT

Personal website:
https://twitter.com/_bl4de

Platform Accounts


Completed Challenges (1)

Recognised by

None listed.

bl4de's Recent Activity

View bl4de's statistics

[exceljs] Possible XSS via cell value when worksheet is displayed in browser

Disclosed by bl4de on Nodejs-ecosystem on 2018-09-01

[bruteser] Path Traversal allows to read content of arbitrary file

Disclosed by bl4de on Nodejs-ecosystem on 2018-07-04

[mcstatic] Path Traversal allows to read content of arbitrary files

Disclosed by bl4de on Nodejs-ecosystem on 2018-04-24

[public] Stored XSS in filenames in directory served by public

Disclosed by bl4de on Nodejs-ecosystem on 2018-04-15

[metascraper] Stored XSS in Open Graph meta properties read by metascrapper

Disclosed by bl4de on Nodejs-ecosystem on 2018-03-28

[node-srv] Path Traversal allows to read arbitrary files from remote server

Disclosed by bl4de on Nodejs-ecosystem on 2018-03-07

[626] Path Traversal allows to read arbitrary file from remote server

Disclosed by bl4de on Nodejs-ecosystem on 2018-02-26

[localhost-now] Path Traversal allows to read content of arbitrary file

Disclosed by bl4de on Nodejs-ecosystem on 2018-02-26

[public] Path Traversal allows to read content of arbitrary files

Disclosed by bl4de on Nodejs-ecosystem on 2018-02-17

Stored XSS vulnerability in RSS Feeds Description field

Disclosed by bl4de on Concrete5 on 2017-08-18

Stored XSS in Name field in User Groups/Group Details form

Disclosed by bl4de on Concrete5 on 2017-08-18

Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0)

Disclosed by bl4de on Concrete5 on 2017-07-28