User Profile




No information has been set by the researcher

Recognised by

None listed.

sheddow's challenge statistics

View Researcher Activity

5 total submissions

5 accepted

0 rejected

Medium/hard An unusual XSS

This challenge was inspired (and reproduced exactly) by a real-life XSS I've recently exploited in a private bug bounty program. It requires some out of the box thinking, it's not an easy challenge....
Category: Cross Site Scripting (XSS)
Completed on 12-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. May be by stopping something? May be by abusing unexpected behaviour of browser? May be by fuzzing? All upto you. Note : Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 12-11-2018

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bugbounty program. My scanner was hunting for interesting subdomains&files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 04-02-2019

Hard Can you trick this browser extension into revealing its data?

This tiny browser extension is the keeper of a well-hidden secret. We would like to access it from our website, but the extension will only give it to mycompany.invalid which we don't own. Can you...
Category: Misc / Application Logic
Completed on 06-04-2019

Medium Exploiting a static page

This is a static page, no server side involved. So looking for XSS vulnerabilities should be pointless, right?
Category: Cross Site Scripting (XSS)
Completed on 12-11-2018