rakeshmane BugBountyNotes profile | Collaborate and work with other security researchers on bug bounties

User Profile

rakeshmane

About

No information has been set by the researcher

Personal website:
http://blog.rakeshmane.com

Recognised by

None listed.

rakeshmane's challenge statistics

View Researcher Activity

10 total submissions

10 accepted

0 rejected


Easy A properly secured parameter We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...	Category: Cross Site Scripting (XSS) Completed on `09-11-2018`
Medium/hard Steal teh token! Can you steal the token?	Category: Cross Site Scripting (XSS) Completed on `09-11-2018`
Medium/hard An unusual XSS This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge....	Category: Cross Site Scripting (XSS) Completed on `09-11-2018`
Easy/medium Your scanner just found include.html - but what does the javascript do? This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains&files and I noticed one interesting subdomain which contained nothing...	Category: Cross Site Scripting (XSS) Completed on `05-02-2019`
Easy/medium Can you bypass the Open URL redirect filter? Try not to overthink this one. Even though a website sometimes tell you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...	Category: openurl Completed on `09-11-2018`
Medium Blind testing - debug mode This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP requests...	Category: Cross Site Scripting (XSS) Completed on `09-11-2018`
Medium/hard This strict URL filter should prevent XSS, right? This one is pretty simple. One parameter is vulnerable, ?url=. Can you get XSS to execute?	Category: Cross Site Scripting (XSS) Completed on `09-11-2018`
Medium/hard Can you find the flag via SQL injection? The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using ONLY union based injection, can you retrieve it?	Category: SQL Injection (SQLi) Completed on `09-11-2018`
Easy/medium Our redirect blacklist is top-notch, right? We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?	Category: Open URL Redirect Completed on `09-11-2018`