User Profile

ebelties

About

No information has been set by the researcher

Recognised by

None listed.

ebelties's challenge statistics

8 total submissions

7 accepted

1 rejected




Easy Find the vulnerable parameter and try to beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this I've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 09-10-2018

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 09-10-2018

Medium/hard XSS and bypass me

Can you execute an alert box with one user click?
Category: Cross Site Scripting (XSS)
Completed on 05-02-2019

Easy/medium Your scanner just found include.html - but what does the JavaScript do?

This is a re-created bug I recently found on a public bug bounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 04-02-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 09-10-2018

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for, but using information on the page and a basic understanding of HTTP requests...
Category: Cross Site Scripting (XSS)
Completed on 09-10-2018

Medium/hard Can you find the flag via SQL injection?

The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using **ONLY** union based injection, can you retrieve it?
Category: SQL Injection (SQLi)
Completed on 09-10-2018