Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
610,843 coordinated disclosures
392,912 fixed vulnerabilities
926 bug bounties with 1,856 websites
18,792 researchers, 1199 honor badges

SecuNinja Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher SecuNinja has already helped fix 3428 vulnerabilities.



Researcher reputation:  940

Real name:
SecuNinja

About me:
nice-hat hacker :)

How to contact me:
English or German:

[email protected]
https://twitter.com/secuninja

Certifications & Diplomas:
CISM, CCNA and others

Experience in Application Security
3-5 years

Award / Bug Bounty I prefer:
Feel free to provide Bug Bounty:
PayPal, Vouchers, BTC, public recognition, tweets or any kind of swag

Halls of Fame:
listed on my website https://secu.ninja

Follow me on:
Twitter

Recommendations and Acknowledgements | Full List:

@yachtinglimited     7 January, 2020
    Twitter yachtinglimited Mike from Yachting Limited:
Many thanks for your very helpful work in identifying and responsibly reporting a security vulnerability on one of our websites SecuNinja. Your help was especially appreciated given it was the holiday period.
@belikewata     31 December, 2019
    Twitter belikewata Kelvin from dotasia:
Thank you SecuNinja for reporting our vulnerability. You were the first one to report our issue but somehow we did not see the report until a second researcher later reported the same issue and we saw your original report in the listing. The issue is now patched.
@darchenlanze     17 December, 2019
    Twitter darchenlanze Uwe from check-domain:
Thank you a lot for finding the vulnerability and your perfect support.
@phdev6     12 September, 2019
    Twitter phdev6 ph-dev from Peter Hahn:
SecuNinja found a XSS Bug on our site, thanks for reporting i responsibly!
@SelectLine_GmbH     21 August, 2019
    Twitter SelectLine_GmbH Web-Team from SelectLine Software GmbH:
Thank you, SecuNinja, for pointing out a vulnerability on one of our websites.
@CouriernetI     12 May, 2019
    Twitter CouriernetI Alexander Janussek from Couriernet GmbH:
Secuninja helped us fix the vulnerability on our website. He replied to all our emails in a very friendly, professional and patient way. He provided us all the technical details to solve the problems. Thanks a lot for that. Great job.
@cyberday_gmbh     1 April, 2019
    Twitter cyberday_gmbh DLO from CYBERDAY GmbH:
thanks for reporting
@testberichteDE     23 November, 2018
    Twitter testberichteDE Andreas S from Testberichte.de:
Hi SecuNinja, thank you very much for your information on our vulnerability! This helps us keeping our website secure.
@Tgirl_Christin     12 November, 2018
    Twitter Tgirl_Christin Christin Löhner from Akademie für Sport und Gesundheit:
Thanks to SecuNinja, who has found a vulnerability on our website. After claiming the site here on OpenBugBounty and so getting the information about the vulnerability, I was able to fix it in seconds. Thanks again, for hunting! Christin
@GeorgiHristov     10 October, 2018
    Twitter GeorgiHristov George Hristov from Webit.org:
Many thanks to SecuNunja for fast and helpful response about problems of our website.
@RajatAr51352684     17 September, 2018
    Twitter RajatAr51352684 Rajat from ESCADA SE:
thanks a lot for reporting security vulnerability in our website. Great work and very supportive in case of additional questions.
@endurit1     12 September, 2018
    Twitter endurit1 Christian from endurit gmbh:
Thank you, SecuNinja, for pointing out a vulnerability on one of our websites. And for the professional support.
@winterreise1978     17 July, 2018
    Twitter winterreise1978 Gregor from Gregor:
Thank you for alerting to an XSS vulneribilty on our site. We fixed it thanks to your alert.
@cms_admin     11 July, 2018
    Twitter cms_admin CMSAdmin from European University Viadrina:
Secuninja has helped us to secure our website. Quickly, friendly and most of all professional.
Thank You!
@gerryfort     27 June, 2018
    Twitter gerryfort Gerry from BikeBug:
Secuninja reported a vulnerability on our website. He was polite to deal with and professional. A great help and much appreciated. Highly recommend!
@medizinfuchs     20 June, 2018
    Twitter medizinfuchs Tobi from medizinfuchs GmbH:
Thank you very much for finding of a XSS Vulnerability on our website!
Great job, very competent, friendly and quick replies.
@SPARintheUK     4 June, 2018
    Twitter SPARintheUK Katherine from SPAR UK:
Thanks SecunNinja for highlighting an XSS vulnerability, and for the prompt and friendly interactions
@borox     30 May, 2018
    Twitter borox M. Bloch from Mistershoplister.de:
Thank you SecuNinja, for the finding of a XSS Vulnerability on my website!
Super job, very competent, friendly and quick replies.
@eulenberger     24 May, 2018
    Twitter eulenberger Sven from netclusive GmbH:
Thanks for the great support!
@RealArties     23 April, 2018
    Twitter RealArties RealArties from ASC Computersysteme:
Thank you for finding and reporting an XSS Vulnerability on our website. And thank you SecuNinja for the provided additional informations thus enabling us to fix the issue and make our site safer for our visitors!
@StadlerITS     21 April, 2018
    Twitter StadlerITS H. Stadler from Stadler ITS:
SecuNinja uncovered a XSS vulnerability in a Magento extension of a shop from one of our clients. The contact with him was very professional and friendly, thanks a lot from our side!
@kevinBaseCom     19 April, 2018
    Twitter kevinBaseCom Kevin from Online Commerce:
Thank you for alerting to an XSS vulneribilty on our site
@CONET_Group     19 April, 2018
    Twitter CONET_Group Simon Vieth from CONET:
Thank you SecuNinja for identifying and reporting an XSS Vulnerability on our website, thus enabling us to fix the issue and make our site safer for us and our visitors! --- Vielen Dank dafür, dass Sie uns auf die XSS-Sicherheitslücke auf unserer Website aufmerksam gemacht und damit dazu beigetragen haben, unsere Seite sicherer zu machen!
@DIASoftware     28 March, 2018
    Twitter DIASoftware Christopher Meyering from DIA Connecting Software GmbH & Co. KG:
Big "thank you" to SecuNinja for not only finding some XSS-issues in our applications, but also for smart and fast answers!
@Halotho     27 March, 2018
    Twitter Halotho Thomas from UDG:
Thank you for finding an XSS security leak on one of our customers websites.
@feinkonzept     20 March, 2018
    Twitter feinkonzept Volker from Trion GmbH:
Thanks to SecuNinja for reporting a XSS vulnerability on a website of our client. He is doing a great job and the contact was very friendly and helfpful. Thumbs up!
@Ruegenwalder     19 March, 2018
    Twitter Ruegenwalder Thomas from Rügenwalder Mühle:
Thank you SecuNinja for identifying a XSS Vulnerability on our Website. Thanks a lot for your help!
@snudhh     2 March, 2018
    Twitter snudhh Thomas from snud:
Thank you for identifying two XSS Vulnerability on our Websites and the provided additional informations. Very professional ! Thanks a lot !
@ziduniwien     27 February, 2018
    Twitter ziduniwien Computer Center from University of Vienna:
Dear SecuNinja,
The University of Vienna would like to thank you for your valuable contribution in finding multiple website security issues.
Your input is highly welcome and helps to raise the security level of our educational institution.
Servus and greetings from Vienna, Austria.
@thorp88     19 February, 2018
    Twitter thorp88 Miles from Banana Moon:
Big thanks SecuNinja for reporting a XSS vulnerability and the speedy response!
@Forumotion     11 February, 2018
    Twitter Forumotion Team from Forumotion:
Secuninja helped us to fix a XSS vulnerability, very kind, fast and helpful. Many thanks !
@alsoisp     25 January, 2018
    Twitter alsoisp Alex from AlSoISP:
Thank you Secuninja for reporting a XSS vulnerability on our website!
Danke Secuninja für die Meldung einer XSS-Sicherheitslücke auf unserer Website!
@FabianSchorb     9 January, 2018
    Twitter FabianSchorb Fabian :
Thank you for identifying a XSS Vulnerability on our Website and the provided additional information!
@derhesse47     19 December, 2017
    Twitter derhesse47 Thomas Z. from AerzteZeitung:
Secuninja identified an issue on our site. He offered help to fix the problem. Thanks a lot.
@BstockerS     28 November, 2017
    Twitter BstockerS Benjamin from SolNet:
We got a a reply from SecuNinja very quickly. He described the XSS Vulnerability very clear so we could fix it. Very friendly contact. Thanks a lot!
@hhilbert66     19 November, 2017
    Twitter hhilbert66 Heiko from Informunity:
Many Thanks for reporting a XSS vulnerability on our domain. Contact was very friendly and helpful to fix that vulnerability. I recommend him for his good work!
@DerCraig     6 November, 2017
    Twitter DerCraig derCraig from somewebsite:
Thanks to @SecuNinja for finding XSS on a customers website! :)
@AckenKuehn     3 November, 2017
    Twitter AckenKuehn F. Kühn from ZZ:
Thanks for closing the XSS vulnerability, fast and professional!
@wiknf     30 October, 2017
    Twitter wiknf Marcel Junemann from nsv-online.de:
Thank you Secuninja for reporting a XSS vulnerability on our website! Much appreciated!
@pixelit     10 October, 2017
    Twitter pixelit Florian from PIXELit:
Secuninja found a XSS vulnarabilty. Contact was helpful and friendly and we werde able to fix the problem quickly. Thanks.
@Gastrodax     9 October, 2017
    Twitter Gastrodax Philipp from New Gastroline:
Vielen Dank nochmal!
@ARMistice     2 October, 2017
    Twitter ARMistice Alexander from BrettspielWelt:
Secuninja found XSS vulnerability on our WebSite, and we are very grateful about pointing out to this problem. He is very friendly, helpful and actively interessted in solving the problems. I recommend him highly for his work!
@seeli     28 September, 2017
    Twitter seeli Niels from TRIXIE Heimtierbedarf:
Secuninja reported a XSS vulnerability on our website. With the proof of concept the vulnerability was found very fast. He offered to help closing the vulnerability. many thanks!
@NETGAMESGera     21 September, 2017
    Twitter NETGAMESGera Markus from NETGAMES.de:
Thank you, Bug is fixed :-)
@ImperiaRZ     19 September, 2017
    Twitter ImperiaRZ Michael from Universität Regensburg:
Thank you, secuninja, for reporting a xss vulnerability on one of our Domains. Also thanks and big pespect for your fast response and the professional and cooperative contact.
@hqentertain     4 September, 2017
    Twitter hqentertain Dominic from HQ Entertainment Network:
Thanks very much for your researches and your work Secuninja! We really appreciate your hints and your prompt responses. Very professional and good work!
@eventrakete     27 August, 2017
    Twitter eventrakete Thomas H. from eventrakete.de:
Many thanks to secuninija! He helped us to find a XSS vulnerability on our website. Keep up the good work!
@FowlerSack     24 August, 2017
    Twitter FowlerSack andre from iriedaily.de:
thanx for your hint and your good work
@MischkaMcLovin     16 August, 2017
    Twitter MischkaMcLovin Stegemann from Spion Media GmbH:
Fast response. Great support. Perfect!
Thank's a lot!
@ulrich_heck     10 August, 2017
    Twitter ulrich_heck Ulrich Heck from Mirabit GmbH:
Secuninja helped us to make our website safer!
Thank you very much!!!
@DIYDoctor     27 July, 2017
    Twitter DIYDoctor James from DIY Doctor:
Spotted an XSS vulnerability on our site and notified us in a very professional and informative manner, what an absolute star!!
Hugely recommended for being both knowledgeable and friendly and polite!
@Liquid_Maker     24 July, 2017
    Twitter Liquid_Maker Martin from LiquidMaker:
Many thanks to secuninja! He helped me to identify a vulnerability on my page.
@jumkde     24 July, 2017
    Twitter jumkde Juergen from jumk.de:
Many thanks to secuninja for finding and helping to fix a XSS vulnerability.
@wirthundhorn     12 July, 2017
    Twitter wirthundhorn Operator from Wirth & Horn:
Thank you for reporting XSS vulnerabilities on our customers' websites.
Keep up the good work, helps us a lot!
@tarif4you     11 July, 2017
    Twitter tarif4you Alexander Gut from tarif4you.de:
Thank you very much, Secuninja, for your very professional work. Friendly and quick contact and good explanation about a security vulnerability founded on our website, so we fix it.
@Jett_Rink     1 July, 2017
    Twitter Jett_Rink Stefan from plattentests.de:
Many thanks to secuninja! He helped us to identify a vulnerability on our page.
@1und1     29 June, 2017
    Twitter 1und1 Andreas Maurer from 1&1 Internet:
Secuninja reported a severe vulnerability on our website. He was fast, polite and professional. A great help and much appreciated.
@telemarkup     29 June, 2017
    Twitter telemarkup Florian Bittner from Russmedia Digital:
Secuninja found a XSS vulnerability on one of our clients sites.
He treated the issue professional and confidential and was very kind and friendly when we contacted him for details.

Thank you very much for all your efforts and keep up the good work!
@cms_admin     16 June, 2017
    Twitter cms_admin CMSAdmin from European University Viadrina:
Secuninja helped us to make our website more secure, even when we thought it wouldn't be possible or necessary (well, it always is :)
Thank You for your help and professionalism!
@SayYeahNow     13 June, 2017
    Twitter SayYeahNow Christopher from kernpunkt:
You found an XSS vulnerability in one of our clients sites and you handled it very confidential. And also, you gave us the crucial hint. Our customer, and also we, are very happy that we could fix this with your help.

Thank you so much!
@tvinfode     7 June, 2017
    Twitter tvinfode Admin from TVinfo:
Very fast, friendly and knowledgeable!
@bdiekert     31 May, 2017
    Twitter bdiekert Bjoern from Borkenstein Plus:
Secuninja found an XSS vulnerability in one of our clients sites. This was handled very responsible and I'am happy we could fix this.

Thank you so much!
@ChrisFr95162402     28 May, 2017
    Twitter ChrisFr95162402 Chris from Hikma:
Thanks for reporting the vulnerability on our website and assisting in its resolution. An invaluable service.
@vlasceanu_d     20 May, 2017
    Twitter vlasceanu_d divsro from AV:
Thank you for reporting a security vulnerability on our website and for giving us the information needed in order to patch it. We really appreciate your help!
@DirkRoehrborn     3 May, 2017
    Twitter DirkRoehrborn Dirk Röhrborn from Communardo:
Thank you very much for reporting a security vulnerability on our website that allowed us to take action quickly and resolve the issue with the component vendor. Your work ist highly appreciated!
@MarkDatter     14 April, 2017
    Twitter MarkDatter Jason from Fluke Calibration:
M found a legitimate XSS vulnerability on our site and worked with us to resolve it. We were very grateful for the discovery - thanks!
@MarkZimmermannT     27 March, 2017
    Twitter MarkZimmermannT Mark from TROX:
Reported XSS vulnerability could be fixed immediately with his help. We are grateful for his help.
@RobmanMK     23 March, 2017
    Twitter RobmanMK RobmanMK from MK:
Thank you very much for reporting a security vulnerability on our website. Keep up the good work!
@cpjolly     22 March, 2017
    Twitter cpjolly Chris from sommer cable:
M really helped us out after he reported the XSS issue with our site and helped us close the vulnerability.

Thanks again

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:8030
Total reports on VIP sites:377
Total patched vulnerabilities:3428
Total vulnerabilities on Hold (Open Bug Bounty):82
Recommendations received:69
Active since:13.03.2017
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP Submissions

Domain Reported Status Type
06.10.2020
On Hold
Cross Site Scripting
06.10.2020
On Hold
Cross Site Scripting
06.10.2020
On Hold
Cross Site Scripting
06.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
01.10.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
29.09.2020
On Hold
Cross Site Scripting
24.09.2020
On Hold
Cross Site Scripting

  Latest Patched

 29.10.2020 skin.gs
 28.10.2020 plos.org
 28.10.2020 audiusa.com
 28.10.2020 um.es
 28.10.2020 bpjs-kesehatan.go.id
 28.10.2020 dooda.me
 28.10.2020 inews.id
 28.10.2020 faz.net
 27.10.2020 dek-d.com
 27.10.2020 dict.cc

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@MizoueShumpei     29 October, 2020
    Twitter MizoueShumpei:
Thank you very much for your help.
@adridder     28 October, 2020
    Twitter adridder:
Thank you for your help with this XSS vulnerability on our site. We appreciate the responsible reporting via openbugbounty.
@gaborvitez     28 October, 2020
    Twitter gaborvitez:
Ajaysen R found a reflected cross site scripting bug in one of our cgi scripts, this way he helped us improve the security of our website. He was really fast to react, working with him was really a pleasure. We are grateful for the issues he made us aware of.
@Jobe1986     28 October, 2020
    Twitter Jobe1986:
Thank you for your efforts and reporting the XSS vulnerability you found on my website.
@TConfetti     28 October, 2020
    Twitter TConfetti:
Vighnesh Gupta was responsive and professional in helping us remediate a bug on our website. Thank you for your insight, Vighnesh.