User Profile

filedescriptor

About

No information has been set by the researcher

Recognised by

None listed.

filedescriptor's challenge statistics

9 total submissions

7 accepted

2 rejected




Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 01-11-2018

Medium/hard Steal teh token!

Can you steal the token?
Category: Cross Site Scripting (XSS)
Completed on 01-11-2018

Hard Try out my Screenshotter.PRO browser extension!

Did you know that a browser extension to capture websites can be written with little to no knowledge? I've done it and it works great! By the way, maybe you could help me with a serious problem....
Category: Misc / Application Logic
Completed on 10-12-2018

Medium Can you get the flag from this browser extension?

This is a convenient extension, storing the logins you use on various webpages and offering them to you on next visit so that you don't have to retype. It also doubles as a flag storage, websites...
Category: Cross Site Scripting (XSS)
Completed on 05-12-2018

Medium/hard There's cross site request forgery (CSRF) protection, but how good is it?

Note: Use a keen eye on this challenge to notice what's happening. Our admin panel was hacked because someone discovered a way to force a request to be sent when we visited a malicious website. I...
Category: Cross Site Request Forgery (CSRF)
Completed on 01-11-2018

Medium Exploiting a static page

This is a static page, no server side involved. So looking for XSS vulnerabilities should be pointless, right?
Category: Cross Site Scripting (XSS)
Completed on 01-11-2018

Easy/medium Our redirect blacklist is top-notch, right?

We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?
Category: Open URL Redirect
Completed on 01-11-2018