Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
607,189 coordinated disclosures
391,019 fixed vulnerabilities
923 bug bounties with 1,850 websites
18,727 researchers, 1197 honor badges

Spam404Top-50 XSS Researcher Top Security ResearcherTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher Spam404 has already helped fix 16365 vulnerabilities.



Researcher reputation:  720

Real name:
Cameron

How to contact me:
You can contact me via email - [email protected]

I encourage you to contact me ASAP so we can work together to quickly protect your users! All communication will be kept private.

Alternative Contacts:
Should I not respond via email (never happened!) please reach out via Twitter - @Spam404Online

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
An acknowledgment on my profile is enough but if you feel like treating me to something extra for my time I appreciate the following -

Bug Bounty (PayPal, Bitcoin)
Swag (T-Shirt etc)

Halls of Fame:
http://www.spam404.com/security-research.html
https://hackerone.com/spam404

Follow me on:
Twitter
LinkedIn

Recommendations and Acknowledgements | Full List:

@sniko_     17 January, 2019
    Twitter sniko_ Harry Denley from EtherScamDB:
Thank you for notifying us of an XSS vulnerability in our project
@OBB74286025     19 July, 2018
    Twitter OBB74286025 Security from IIR:
Thank you for locating some ancient code that we no longer needed anymore. Land mine defused!
@aartvdwerf     22 May, 2018
    Twitter aartvdwerf Aart from OI:
Thanks for letting us know about this XSS vulnerability. We appreciate the quick feedback.
@FRPJason     15 December, 2017
    Twitter FRPJason Jason from FrontRunner:
Cameron went through a few sites for us and identified a wide range of vulnerabilities. We really appreciated his work and will definitely stay in touch.
@nlptimes     1 December, 2017
    Twitter nlptimes Tom from DT:
Cameron discovered an XSS vulnerability in one of our 3rd party applications and was very helpful in bringing this to our attention, notifying the software vendor and advising what area needed to be fixed. Thank you very much!
@amercader     2 October, 2017
    Twitter amercader Adrià Mercader from Open Knowledge International:
Cameron helped identify an XSS vulnerability affecting several sites. The communication was excellent and the prompt and exhaustive details helped put a patch in place in a really short time. Much appreciated.
@ole_morten     23 June, 2017
    Twitter ole_morten Ole Amundsen from Paladin Software:
Cameron identified several vulnerabilities for us, making us aware and giving us the opportunity to fix. Greatly appreciated !
@TheRealXaiin     11 April, 2017
    Twitter TheRealXaiin Xaiin from H1Z1DB:
Cameron alerted me to some vulnerabilities on a couple of new sites I had released, he was exceptionally polite and very professional and I was able to act before anything happened to either site. Thank you Cameron!!
@1und1     27 January, 2017
    Twitter 1und1 Andreas Maurer from 1&1 Internet:
Cameron reported severals bugs on our website. He was fast, polite and professional. A great help and much appreciated.
@TeamViewer     21 December, 2016
    Twitter TeamViewer Axel Schmidt from TeamViewer:
Cameron helped us significantly improve our services, and certainly proved to be extremely knowledgeable. We are extremely grateful to him and very much appreciate his research.
@myvidster     2 November, 2016
    Twitter myvidster Marques from MyVidster:
Cameron found serval XSS exploits and was quick to respond to emails. Big thanks and keep up the wonderful work.
@Japigiacom     18 September, 2016
    Twitter Japigiacom Franco from japigia.com:
Cameron was great! He helped me to identify and definitively fix an XSS problem on an old script. Very skilled researcher! Thanks a lot!
@ISOatUO     8 September, 2016
    Twitter ISOatUO Jim @ISOatUO from University of Otago:
Cameron found an XSS in our site, and provided fast and accurate information to allow us to reproduce and fix. Thanks :-)
@christopherbolt     2 September, 2016
    Twitter christopherbolt Chris from BoltMail:
Cameron reported and helped us to resolve an XSS bug with our site, he was fast, polite and professional. A great help and much appreciated.
@traperto     22 August, 2016
    Twitter traperto Thorsten Rintelen from traperto GmbH:
Cameron helped us to identify some XSS vulnerabilities on the website of some of our customers. Thank you very much!
@mherrma50656928     17 August, 2016
    Twitter mherrma50656928 Marcel Herrmann from APTIS GmbH:
Cameron helped us to identify some XSS vulnerabilities on the website of one of our customers. Thank you!
@goathunter     29 June, 2016
    Twitter goathunter Hunter Goatley from Process Software:
Thanks for reporting the vulnerability. I was able to produce a fix for it easily, but it's not something I'd have ever thought to try.
@bryandowen     28 June, 2016
    Twitter bryandowen Bryan Owen from Medallia:
Cameron identified two issues with our web site, and shared details with us right away. He's doing this for the right reasons - and really doing a public service. Thank you, Cameron!
@MakerGen     6 June, 2016
    Twitter MakerGen Maker Gen from Maker Studios:
Cameron's report and subsequent description of multiple XSS vulnerabilities on our site was handled with extreme grace. The report informed us of these vulnerabilities without exposing it to third-parties. Once contacted about the issue, Cameron almost immediately got back to us with a detailed explanation of how to reproduce each of the found vulnerabilities which allowed us to fix them.
@johngrenham     6 June, 2016
    Twitter johngrenham John Grenham from johngrenham.com:
A great help and much appreciated
@robferrer     1 June, 2016
    Twitter robferrer Rob Ferrer from Presto Classical Ltd:
Many thanks to Cameron for his swift and professional disclosure, and polite and quick responses to email. A big help.
@odako1     27 May, 2016
    Twitter odako1 Koichi Oda from odalab.org:
I appreciate Cameron's report on the XSS vulnerability of my site and his responsive and straightforward explanation about the bug. It helped us a lot. We could put my site on the safe track again. Very nice.
@daverodenbaugh     26 May, 2016
    Twitter daverodenbaugh Dave from AWPCP:
Cameron reported an outdated plugin exploit from my site I had neglected to do something about--and I was able to remove it before I got hacked. Thanks, Cameron!
@xlaunay     24 May, 2016
    Twitter xlaunay Xavier from Daily Connect:
Thanks for identifying and reporting the vulnerability, and for making the web a safer place. Much appreciated.
@domhnallmurphy     13 May, 2016
    Twitter domhnallmurphy Domhnall Murphy from ExamTime Ltd:
Cameron helped to highlight some stray DNS records that needed removal on our domain. Many thanks for that!!
@wladekbb     6 May, 2016
    Twitter wladekbb wladek from Wikia:
Cameron helped find and fix those issues. He showed a great combination of responsiveness and being helpful along the road. Thank you!
@fgjordan     5 May, 2016
    Twitter fgjordan Forrest from rewardStyle:
Cameron helped us identify and confirm a patch to a vulnerability in one of our sites. Thanks Cameron!
@ActOnSoftware     5 May, 2016
    Twitter ActOnSoftware Paige Musto from Act-On Software:
Cameron's concise report allowed us to develop a fix quickly and efficiently. Thanks!
@cpweather     1 May, 2016
    Twitter cpweather Christian :
Cameron was really nice, professional and responsive. It helped me to locate a vulnerability I was not aware of! Thanks so much!
@journalclubapp     22 April, 2016
    Twitter journalclubapp Dave from Peripheral Brain, LLC:
Cameron was incredibly fast, nice, and professional. Highly recommended.

Dave
@roygrubb     22 April, 2016
    Twitter roygrubb Roy Grubb from InformationTamers:
My thanks to Cameron for helping keep the Web a safer place. Vuln identified and reported by Cameron with example, and now fixed.

Appreciation!
Roy
@s_s_h_f     21 April, 2016
    Twitter s_s_h_f Alex from SACD:
Thx to Dave for his warning.
The vulnerability was patched in due time.
@EarthRef     17 April, 2016
    Twitter EarthRef EarthRef from EarthRef:
Cameron was very helpful and responsive in helping us patch the vulnerability. Excellent job!
@davex0x29a     15 April, 2016
    Twitter davex0x29a Dave from Purplepixie:
Thanks so much! Great help in bringing our attention and such prompt assistance to narrow down.
@reuben_smith     13 April, 2016
    Twitter reuben_smith Reuben from wikiHow:
Thanks you for bringing these issues to our attention!
@onWebChat     8 April, 2016
    Twitter onWebChat PPsil. from onWebChat:
Thank you Cameron for bringing this to our attention. Very good support and really fast help!
@MagnusJacobi     30 March, 2016
    Twitter MagnusJacobi Magnus from Jigidi:
Thanks to Cameron we got less vulnerabilities now.
@Andy_GIbbons     23 March, 2016
    Twitter Andy_GIbbons Andy Gibbons from NetSupport Ltd:
So you get a notification that your website has a security Vulnerability, and you first thought is Oh No and you might think bad of the person reporting it. Well if its spam404 nothing could be further from the truth. Spam404 was very helpful when I contacted him and very prompt with responses, the information he provided made it easy to rectify the issue quickly. I would highly recommend Spam404.
@ozhermit     21 March, 2016
    Twitter ozhermit Joel from N/A:
Cameron is extremely responsive and professional. His work to make the internet a safer place is exceptional.
@jameswyeo     18 March, 2016
    Twitter jameswyeo James from SMU:
Thanks Cameron for all your help and expertise to detect XSS vulnerabilities on our sites. I contacted him after he alerted us and he provided clear instructions on the detection and re-verification. Thanks a million Spam404.
@SteveTTech1     17 March, 2016
    Twitter SteveTTech1 @stevettech1 from PR:
Thanks for bringing this to our attention. Much appreciated.
@smu_mtam     16 March, 2016
    Twitter smu_mtam Michael from SMU:
He was very helpful in identifying the issue. Thank you!
@fedeisas     7 March, 2016
    Twitter fedeisas Fede from Workana:
Cameron was very helpful and provided a clear proof-of-concept to fix an XSS vulnerability in our site. Fast and courteous responses, highly recommended.
@FamousEccles     7 March, 2016
    Twitter FamousEccles Rob from Freeola:
Thanks for bringing this to our attention. Very prompt and professional.
@Seemorgh     6 March, 2016
    Twitter Seemorgh Admin from Seemorgh:
Spam404 provided us with clear information about vulnerabilities on our site with out any expectation, Much appreciated.
@SeanAtStitcher     4 March, 2016
    Twitter SeanAtStitcher Sean Simpson from Stitcher:
Cameron was very quick and courteous, and provided a simple PoC that didn't require reverse engineering to determine it wasn't malicious.
@gregrgay     2 March, 2016
    Twitter gregrgay Greg from ATutorSpaces:
Highly recommend Spam404. Easy to test proof of concept. Quickly helped resolve a potential vulnerability.
@wlmthree     1 March, 2016
    Twitter wlmthree William from Knowmad:
Kudos to Spam404 for providing a safe proof-of-concept that allowed us to track down the issue. Thanks to @xbrowsertesting for providing the tools (e.g., old browsers) to find this bug.
@Elimontan     29 February, 2016
    Twitter Elimontan @elimontan from Njuskalo:
Highly recommended, exceptionally responsive, precise in communication, gives good explanation with proof of concept.
@patrick15018630     29 February, 2016
    Twitter patrick15018630 Patrick from 123RF:
Cameron was very helpful and response promptly every time we contacted each other. Effective and accurate information is given well at the start to speed up the process. Highly recommended.
@deniak974     23 February, 2016
    Twitter deniak974 deniak974 from W3C:
Great feedback with useful recommendations. Much appreciated!
@mikeraynham     18 February, 2016
    Twitter mikeraynham Mike from Flatshare:
Spam404 provided us with clear information about vulnerabilities on our site, and did so in a courteous and professional manner. Thank you.
@mike_geogebra     14 February, 2016
    Twitter mike_geogebra Michael Borcherds from GeoGebra:
Thanks, very helpful!
@horst_no     14 February, 2016
    Twitter horst_no horst_no :
Very helpful! Provides proof-of-concept. Much appreciated!
@casterln     14 February, 2016
    Twitter casterln Gary from UC Berkeley:
Much appreciated alert. Will take seriously any future notices for sure. Very helpful. Recommended!
@scubacom     10 February, 2016
    Twitter scubacom Daniel from eScuba:
Totally recommend!! Extremely knowledgeable and responsive - pointed us exactly to the right issue.
@jberciano     10 February, 2016
    Twitter jberciano Javier from CERTSI:
Very helpful information shared with us and extremely responsive.
@ashJermaine     9 February, 2016
    Twitter ashJermaine Ashley Ross from Ensemble Group:
Very helpful providing useful information along with proof-of-concept. I highly recommend.
@STEPHENJBERRY     7 February, 2016
    Twitter STEPHENJBERRY Steve Berry from Caregroup:
Very helpful notices; clear threat information and extremely responsive.
@ChakraOS     2 February, 2016
    Twitter ChakraOS Hans Tovetjärn from Chakra:
Polite and precise, provides proof-of-concept. Much appreciated.
@rkeeneybbq     26 January, 2016
    Twitter rkeeneybbq robsc from vetfriends.com:
Very helpful! I appreciate what you do.
@JoeDRamsey     19 January, 2016
    Twitter JoeDRamsey :
Extremely helpful.. appreciate your assistance!
@mahnamahna     14 January, 2016
    Twitter mahnamahna :
very helpful, very kind; recommended!
@gus81     10 December, 2015
    Twitter gus81 :
@mshilman     9 December, 2015
    Twitter mshilman :
@R3NW4     3 December, 2015
    Twitter R3NW4 :
@mikeninkranz     2 December, 2015
    Twitter mikeninkranz :
@urochestersp     2 December, 2015
    Twitter urochestersp :
@ret2libc     29 November, 2015
    Twitter ret2libc :

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:25188
Total reports on VIP sites:1868
Total patched vulnerabilities:16365
Recommendations received:69
Active since:03.11.2015
Top Security Researcher Awards:Gold Star The Top Security Researcher Gold Star The Top Security Researcher Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

Domain Reported Status Type
11.12.2019
unpatched
Cross Site Scripting
12.11.2019
unpatched
Open Redirect
05.11.2019
patched
Cross Site Scripting
06.10.2019
unpatched
Open Redirect
24.09.2019
unpatched
Cross Site Scripting
16.09.2019
unpatched
Open Redirect
05.09.2019
patched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting
05.09.2019
unpatched
Cross Site Scripting
05.09.2019
patched
Cross Site Scripting

  Latest Patched

 23.10.2020 untappd.com
 23.10.2020 petmd.com
 23.10.2020 dafont.com
 23.10.2020 skylum.com
 23.10.2020 mtcom.ws
 23.10.2020 ibtimes.com
 23.10.2020 goo-net.com
 22.10.2020 totaljobs.com
 22.10.2020 gamesindustry.biz

  Latest Blog Posts

05.10.2020 by _r00t1ng_
Steal IP Address using Image
05.10.2020 by _r00t1ng_
DDOS Using SQL injection (SiDDOS)
05.10.2020 by _r00t1ng_
XSS Injection with SQLi
14.09.2020 by aninda_anon
VPS Cheatsheet for bug hunting
14.09.2020 by pk_12397
A Story of IDOR To Account Takeover

  Recent Recommendations

@mako_o9999     23 October, 2020
    Twitter mako_o9999:
Gdattacker found a XSS problem on one of our websites and reported to us. We were able to solve the problem quickly. Thank you so much!
@BizzdoD     21 October, 2020
    Twitter BizzdoD:
Many thanks to Sithu for bringing a XSS vulnerability on our site to our attention. He was very courteous in communications and helped verify that our patch solved the problem properly. Thank you Sir for helping making the Internet a safer place.
@vadus     19 October, 2020
    Twitter vadus:
Warbid helped disclose several vulnerabilities on our website. With his help, we were able to patch this issue and close up the vulnerability. Thank you very much for your help, and thank you for helping to make the web a safer place.
@pagel     18 October, 2020
    Twitter pagel:
Many thanks to cyberaz0r for pointing out a css vulnerability on our site. He was very pleasant to deal with and shared his knowledge openly.
@amswebs     16 October, 2020
    Twitter amswebs:
Thank you for your help with this XSS vulnerability. We appreciate the responsible reporting via openbugbounty.