User Profile

shapa

About

Security Bug hunter

shapa's challenge statistics

9 total submissions

8 accepted

1 rejected




Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 19-11-2018

Medium/hard Steal teh token!

Can you steal the token?
Category: Cross Site Scripting (XSS)
Completed on 19-11-2018

Medium/hard Hack The Admin Panel Challenge

Can you exploit the XSS vulnerability present in a hidden feature to gain access to the admin panel? Note: Admin prefers clicking. He doesn't like moving his mouse here and there.
Category: Cross Site Scripting (XSS)
Completed on 09-12-2018

Medium/hard An unusual XSS

This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge....
Category: Cross Site Scripting (XSS)
Completed on 19-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. Maybe by stopping something? Maybe by abusing unexpected behaviour of the browser? Maybe by fuzzing? All up to you. Note: Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 19-11-2018

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bug bounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 10-02-2019

Easy/medium Our redirect blacklist is top-notch, right?

We built a secure redirect system, to redirect from our website to our application. There is not a way to bypass this, right?
Category: Open URL Redirect
Completed on 19-11-2018