User Profile




No information has been set by the researcher

Recognised by

None listed.

shantanu14g's challenge statistics


15 total submissions

10 accepted

1 rejected

Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this I've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 19-07-2019

Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 12-08-2019

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 19-07-2019

Medium Can you add yourself to the hall of fame?

I created a hall of fame with one condition: you have to add yourself, and only one user can control the hall of fame! Can you become the king and show your name proudly? Find a way to get your name...
Category: Misc / Application Logic
Completed on 19-08-2019

Medium Make HTML dirty again!

Sanitizing HTML is hard! Can you get XSS on this website? The solution does not require any user interaction.
Category: Cross Site Scripting (XSS)
Completed on 09-09-2019

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bug bounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 01-08-2019

Easy/medium FastFoodHackings - Is our new profile updater secure?

**Note** For this challenge you will need an account on _____ Thanks again for everyone helping us test our site and let us know where we are making...
Category: idor
Completed on 19-08-2019

Medium/hard Can you bypass the check and fetch local files?

Our lazy developer is only filtering user input based on the parsers; he thinks nobody could bypass this to access another resource. Prove him wrong and fetch local files as proof!
Category: ssrf
Completed on 18-09-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 19-07-2019