User Profile

rakeshmane

About

No information has been set by the researcher

Personal website:
http://blog.rakeshmane.com

Recognised by

None listed.

rakeshmane's challenge statistics

10 total submissions

10 accepted

0 rejected




Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard Steal teh token!

Can you steal the token?
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard An unusual XSS

This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge....
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 05-02-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 09-11-2018

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP requests...
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard This strict URL filter should prevent XSS, right?

This one is pretty simple. One parameter is vulnerable, **?url=**. Can you get XSS to execute?
Category: Cross Site Scripting (XSS)
Completed on 09-11-2018

Medium/hard Can you find the flag via SQL injection?

The form is vulnerable to SQL injection and there's a flag inside the database waiting for you. Using **ONLY** union based injection, can you retrieve it?
Category: SQL Injection (SQLi)
Completed on 09-11-2018

Easy/medium Our redirect blacklist is top-notch, right?

We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?
Category: Open URL Redirect
Completed on 09-11-2018