User Profile

venom

About

No information has been set by the researcher

Recognised by

None listed.

venom's challenge statistics

18 total submissions

9 accepted

5 rejected




Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this I've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 10-07-2019

Easy A properly secured parameter

We recently learned that the message parameter on this page was vulnerable to XSS. While we couldn't afford changing this page, we configured our WAF to prevent exploitation. So it's all fine now,...
Category: Cross Site Scripting (XSS)
Completed on 12-08-2019

Easy This developer didn't realise people could view the HTML source. What can you find?

Note: This challenge just requires you to have a keen eye. Look carefully! Firstly, this developer hid his admin panel at a random subdomain he didn't think anyone could find. Because of this...
Category: Test your recon
Completed on 10-07-2019

Easy/medium Your scanner just found include.html - but what does the javascript do?

This is a re-created bug I recently found on a public bug bounty program. My scanner was hunting for interesting subdomains & files and I noticed one interesting subdomain which contained nothing...
Category: Cross Site Scripting (XSS)
Completed on 09-07-2019

Easy/medium FastFoodHackings - Is our new profile updater secure?

**Note** For this challenge you will need an account on https://www.bugbountytraining.com/FFH/ _____ Thanks again for everyone helping us test our site and let us know where we are making...
Category: idor
Completed on 11-07-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tells you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 10-07-2019

Medium Blind testing - debug mode

This one will require a bit of thinking. It's designed to be a complete blackbox so you have no idea what it's looking for but using information on the page and basic understanding of HTTP requests...
Category: Cross Site Scripting (XSS)
Completed on 10-07-2019

Easy/medium [LIVE EVENT] Testing FastFoodHackings Patches

FastFoodHackings was extremely grateful for your help in the first session and has made patches & changes to their site. Have they patched the bugs correctly, and have they introduced any new...
Category: Cross Site Scripting (XSS)
Completed on 21-07-2019