User Profile

Me

sp1d3rs

About

Human.Possibly

Personal website:
https://xpoc.pro

Recognised by

None listed.

sp1d3rs's Recent Activity

Stored XSS in galleries - https://www.redtube.com/gallery/[id] path

Disclosed by sp1d3rs on Redtube on 2018-10-10

Open Redirect on the nl.wordpress.net

Disclosed by sp1d3rs on Wordpress on 2018-02-22

Stored Cross-Site scripting in the infographics using links

Disclosed by sp1d3rs on Infogram on 2017-12-04

DOM XSS and Open Redirect on the themes.razerzone.com

Disclosed by sp1d3rs on Razer_us on 2017-11-27

Stored XSS in the Custom Logo link (non-Basic plan required)

Disclosed by sp1d3rs on Infogram on 2017-11-23

SSRF bypass for https://hackerone.com/reports/285380 (query AWS instance)

Disclosed by sp1d3rs on Alienvault_security on 2017-11-14

SSRF bypass #2 (using octal encoding) on the https://www.threatcrowd.org/domain.php

Disclosed by sp1d3rs on Alienvault_security on 2017-11-14

Database credentials leak on the https://razer-id.razerzone.com/

Disclosed by sp1d3rs on Razer_us on 2017-11-08

Two-factor authentication bypass on Grab Android App

Disclosed by sp1d3rs on Grab on 2017-09-12

Double Stored Cross-Site scripting in the admin panel

Disclosed by sp1d3rs on Tts on 2017-09-05

Cross-site scripting (XSS) vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-08-15

Stored XSS in the any user profile using website link

Disclosed by sp1d3rs on Pornhub on 2017-07-07

Information disclosure vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-07-05

Limited code execution vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-07-05

JSON CSRF on POST Heartbeats API

Disclosed by sp1d3rs on Wakatime on 2017-07-03

Information disclosure vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-06-16

Information disclosure vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-06-16

Information disclosure vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-06-16

Blind SQLi vulnerability in a DoD Website

Disclosed by sp1d3rs on Deptofdefense on 2017-06-16

DOM-based XSS on youporn.com (main page)

Disclosed by sp1d3rs on Youporn on 2017-06-13

Information Disclosure on demo.weblate.org

Disclosed by sp1d3rs on Weblate on 2017-06-02

Self-XSS can be achieved in the editor link using filter bypass

Disclosed by sp1d3rs on Weblate on 2017-06-02

Remote file inclusion vulnerability on a DoD website

Disclosed by sp1d3rs on Deptofdefense on 2017-04-27

Publicly accessible IDRAC instance at api-m.inapp.pushwoosh.com

Disclosed by sp1d3rs on Pushwoosh on 2017-03-29