User Profile




Hey! I'm zseano and I run BugBountyNotes. I do bugbounties full time and I managed to reach the top 10 on bugcrowd in just 8months from one program. I am lucky to attend live events by HackerOne and this is what inspired me to create this! :) I specialise in webapp testing and I love helping others. Feel free to reach out

Personal website:

Recognised by


zseano's challenge statistics

View Researcher Activity

35 total submissions

8 accepted

13 rejected

Easy Find the vulnerable parameter and try beat the XSS filter!

I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this i've had to create a "strict" filter to stop malicious attackers and help...
Category: Cross Site Scripting (XSS)
Completed on 27-11-2018

Medium/hard Can you XSS when redirecting?

You'll have to somehow get XSS. May be by stopping something? May be by abusing unexpected behaviour of browser? May be by fuzzing? All upto you. Note : Intended solution works in Firefox...
Category: Cross Site Scripting (XSS)
Completed on 27-11-2018

Medium/hard XSS and bypass me

Can you execute an alert-box with one user click.
Category: Cross Site Scripting (XSS)
Completed on 05-02-2019

Easy/medium Give some space to this XSS Filter. ;)

One of our developer who doesn't RTFM come up with this XSS filter. He thinks his filter is super duper secure. Can you prove him wrong?
Category: Cross Site Scripting (XSS)
Completed on 05-07-2019

Easy/medium Can you bypass the Open URL redirect filter?

Try not to overthink this one. Even though a website sometimes tell you how a function SHOULD function, sometimes it doesn't always do that. Look at what request is being sent, and can anything be...
Category: openurl
Completed on 27-01-2019