Report Email Alerts Open Bug Bounty: 107313 coordinated disclosures
Full Disclosure: 32316 vulnerabilities
Total Vulnerabilities Fixed: 36297
116264 vulnerable websites, 12669 VIP websites
2787 security researchers, 3863 notification subscribers

DrStache Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile

Security researcher DrStache has already helped fix 1226 vulnerabilities.

Follow me on:
Twitter

Real name:
Florian C.

About me:
French student in Networking and Telecommunications
Security enthusiast

How to contact me:
[email protected]

Contact me as soon as possible so we can work together to quickly protect your users.

Experience in Application Security:
1-3 years

Award / Bug Bounty I prefer:
A thanks/profile recommendation will be really appreciated and is enough, but if you'd like:
~ Bug Bounty (PayPal / BTC)
~ Hall of Fame
~ Swag (T-shirt, sticker..)

Halls of Fame:
https://hackerone.com/drstache
https://bugcrowd.com/DrStache


Statistics and Awards

Approved XSS vulnerabilities:4535
Approved XSS vulnerabilities on VIP websites:205
Patched vulnerabilities:1236
Verified vulnerabilities on Hold (Open Bug Bounty):1326
Active since:31.07.2016
Top Security Researcher Awards: Top Security Researcher of the Month Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Recommendations and Acknowledgements

22 March, 2017
JKrycha Josef Krycha from Canon Europe Ltd.:

DrStache reported multiple vulnerabilities in Canon websites ranging form reflected XSS's, SQL injections to information disclosure. All findings were valid and the communication with him was quick and efficient. Thank you for your help and best of luck!

9 March, 2017
bugfort26 NB. from CDC:

Merci pour ces échanges, qui auront permis de remotiver nos fournisseurs!

3 March, 2017
JNRIBETTE JN.RIBETTE from Kosmos:

Merci pour la détection des failles et pour les informations permettant de les corriger !

23 February, 2017
RCnfpt RSSI from CNFPT:

Un grand merci à Dr Stache pour les informations transmises.
Cela nous a permis de réagir rapidement. Encore merci et bonne continuation.

23 February, 2017
NicoBiot Nico B from CNFPT:

Merci à DrStache pour la détection de la faille et sa réactivité

20 February, 2017
fmplaw Florent.F from MEN - AC CRETEIL:

Une grande compétence et une super communication. Merci Dr Stache !

10 February, 2017
Brit_Hotel Jean-Manuel from Brit Hotel:

Un grand merci pour votre réactivité et votre aide ! ;)

7 February, 2017
meteociel Meteociel from Meteociel:

Thanks for the report of many XSS vulnerabilities for the Meteociel.fr site. Quick & precise answers.

8 January, 2017
saitenforum Jens from Saitenforum:

DrStache was extremely helpful, responsive and knowledgeable in pointing me to the vulnerabilities on my websites. I can highly recommend him! Keep up the great work. Thanks a lot!

8 November, 2016
Winaskin Vador from Winaskin.com:

Thank you DrStache, with you, we patched our issue ;-)

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation


Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

Domain Reported Status Type
23.03.2017
On Hold
XSS  (Open Bug Bounty)
23.03.2017
On Hold
XSS  (Open Bug Bounty)
23.03.2017
On Hold
XSS  (Open Bug Bounty)
23.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
22.03.2017
On Hold
XSS  (Open Bug Bounty)
16.03.2017
On Hold
XSS  (Open Bug Bounty)
16.03.2017
On Hold
XSS  (Open Bug Bounty)
16.03.2017
patched
XSS  (Open Bug Bounty)
16.03.2017
On Hold
XSS  (Open Bug Bounty)
16.03.2017
On Hold
XSS  (Open Bug Bounty)

Latest VIP Submissions

activecampaign.com
Reported by dim0k Twitter: @d1m0ck
Recommendations received: 21
Approved XSS vulnerabilities: 4121
Approved XSS vulnerabilities on VIP websites: 2644
on 27.03.2017
runkeeper.com
Reported by dim0k Twitter: @d1m0ck
Recommendations received: 21
Approved XSS vulnerabilities: 4121
Approved XSS vulnerabilities on VIP websites: 2644
on 27.03.2017
dialog.ua
Reported by OmniGooch Recommendations received: 2
Approved XSS vulnerabilities: 2570
Approved XSS vulnerabilities on VIP websites: 149
on 26.03.2017
star.com.tr
Reported by porthunter Twitter: @porthunter
Recommendations received: 1
Approved XSS vulnerabilities: 301
Approved XSS vulnerabilities on VIP websites: 127
on 26.03.2017
3djuegos.com
Reported by porthunter Twitter: @porthunter
Recommendations received: 1
Approved XSS vulnerabilities: 301
Approved XSS vulnerabilities on VIP websites: 127
on 26.03.2017
laposte.fr
Reported by porthunter Twitter: @porthunter
Recommendations received: 1
Approved XSS vulnerabilities: 301
Approved XSS vulnerabilities on VIP websites: 127
on 26.03.2017
itu.int
Reported by Over Approved XSS vulnerabilities: 635
Approved XSS vulnerabilities on VIP websites: 145
on 26.03.2017
urlaubsguru.de
Reported by secuninja Recommendations received: 2
Approved XSS vulnerabilities: 136
Approved XSS vulnerabilities on VIP websites: 6
on 26.03.2017
wko.at
Reported by L1M4R Approved XSS vulnerabilities: 201
Approved XSS vulnerabilities on VIP websites: 2
on 26.03.2017
meinestadt.de
Reported by secuninja Recommendations received: 2
Approved XSS vulnerabilities: 136
Approved XSS vulnerabilities on VIP websites: 6
on 26.03.2017

Latest Submissions

handwerker-versand.de
Reported by badmaxx Twitter: @_badmaxx_
Approved XSS vulnerabilities: 76
on 27.03.2017
backformen-onlineshop.de
Reported by badmaxx Twitter: @_badmaxx_
Approved XSS vulnerabilities: 76
on 27.03.2017
wogibtswas.de
Reported by badmaxx Twitter: @_badmaxx_
Approved XSS vulnerabilities: 76
on 27.03.2017
backwelt24.de
Reported by badmaxx Twitter: @_badmaxx_
Approved XSS vulnerabilities: 76
on 27.03.2017
intergastro.de
Reported by badmaxx Twitter: @_badmaxx_
Approved XSS vulnerabilities: 76
on 27.03.2017
wasteskins.com
Reported by Spam404 Twitter: @Spam404Online
Recommendations received: 61
Approved XSS vulnerabilities: 21980
Approved XSS vulnerabilities on VIP websites: 1556
on 27.03.2017
smarthealthshop.com
Reported by OmniGooch Recommendations received: 2
Approved XSS vulnerabilities: 2570
Approved XSS vulnerabilities on VIP websites: 149
on 27.03.2017
meilleurmobile.com
Reported by Gr00v_ Twitter: @Gr00v_
Approved XSS vulnerabilities: 11
Approved XSS vulnerabilities on VIP websites: 8
on 27.03.2017
prix.net
Reported by Gr00v_ Twitter: @Gr00v_
Approved XSS vulnerabilities: 11
Approved XSS vulnerabilities on VIP websites: 8
on 27.03.2017
b-abo.ru
Reported by OmniGooch Recommendations received: 2
Approved XSS vulnerabilities: 2570
Approved XSS vulnerabilities on VIP websites: 149
on 26.03.2017