User Profile
zseano
About
Hey! I'm zseano and I run BugBountyNotes. I do bugbounties full time and I managed to reach the top 10 on bugcrowd in just 8months from one program. I am lucky to attend live events by HackerOne and this is what inspired me to create this! :) I specialise in webapp testing and I love helping others. Feel free to reach outPersonal website:
https://www.zseano.com/
Recognised by
zseano's Recent Activity
View zseano's statisticsYour scanner just found include.html - but what does the javascript do?
zseano created a challenge on 2019-02-04
We're out of beta and fully live!
Forum topic created in BugBountyNotes Announcements on 2019-01-26
test
Forum topic created in error on 2019-01-26
Sorry for the silence!
Forum topic created in BugBounty Discussion on 2019-01-11
Can you add yourself to the hall of fame?
zseano created a challenge on 2018-12-04
Bypassing filters for XSS
Forum topic created in BugBounty Discussion on 2018-11-27
Challenge Suggestions
Forum topic created in General Discussion on 2018-11-17
What do you look for in a bugbounty platform?
Forum topic created in Platform Discussions on 2018-11-13
Hey 0xteknogeek - we're waiting
Forum topic created in Mobile Discussions on 2018-11-13
What do you have on your toast?
Forum topic created in General Discussion on 2018-10-30
Who does bugbounties full time?
Forum topic created in BugBounty Discussion on 2018-10-30
Your fav swag?
Forum topic created in Platform Discussions on 2018-10-30
Site only allows for .zip and .txt - thoughts on bypassing?
Forum topic created in Bug Help on 2018-10-30
It’s all in the detail: Email leak & Account takeover thanks to WayBackMachine & extensive knowledge about the program
Shared by zseano on 2018-10-30
Improper CSRF token handling leads to site-wide CSRF issue, chained with clickjacking = woot! Multiple sites vulnerable
Shared by zseano on 2018-10-29
Can you bypass the Open URL redirect filter?
zseano created a challenge on 2018-09-28
Blind testing - debug mode
zseano created a challenge on 2018-09-28
Welcome to BugBountyNotes!
Forum topic created in BugBountyNotes Announcements on 2018-09-14
How re-signing up for an account lead to account takeover
Shared by zseano on 2018-09-14
How signing up for an account with an @company.com email can have unexpected results
Shared by zseano on 2018-09-14
Hey UserID x, what's your secret token?
Shared by zseano on 2018-09-14
Find the vulnerable parameter and try beat the XSS filter!
zseano created a challenge on 2018-09-14
This developer didn't realise people could view the HTML source. What can you find?
zseano created a challenge on 2018-09-14
There's cross site request forgery (CSRF) protection, but how good is it?
zseano created a challenge on 2018-09-14
Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
Disclosed by zseano on Hackerone on 2016-12-08
https://windsor.shopify.com/ takeover
Disclosed by zseano on 
Shopify on 2016-07-19