User Profile

Me

omarwanis

About

No information has been set by the researcher

Recognised by

None listed.

omarwanis's challenge statistics

View Researcher Activity

6 total submissions

5 accepted

1 rejected




Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 14-02-2019

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 20-03-2019

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains&files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 04-02-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tell you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 08-02-2019

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP requests...
Category: Cross Site Scripting (XSS)
Completed on 09-02-2019