_Y000_ | Security Researcher Profile
Security researcher _Y000_ has already helped fix 156 vulnerabilities.
Researcher reputation: 0
Real name:
Luis Madero
About me:
computer systems engineer, computer security technician and data network, finder, English teacher, 23 years old
Contact email:
via Twitter: https://twitter.com/_Y000_
Certifications & Diplomas:
computer systems engineer, computer security and data network technician, etc.
Experience in Application Security
1-3 years
Award / Bug Bounty I prefer:
-Halls of fame
-bug bounty payment
-a simple recommendation or thanks
Anything is OK for me!
Ethics and Rules:
Luis Madero is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.
Recommendations and Acknowledgements
Honor Badges
Number of Secured Websites: 10+ Websites | 50+ Websites | 500+ Websites | WEB SECURITY VETERAN (1000+ Websites)
Advanced Security Research: WAF Bypasser | CSRF Master (30+ Reports) | AppSec Logic Master (30+ Reports) | Fastest Fix (Fix in 24 hours)
Outstanding Achievements: Secured OBB | OBB Advocate | Improved OBB
Commitment to Remediate and Patch: Patch Master (55% Patched) | Patch Guru (65% Patched) | Patch Lord (75% Patched)
Recommendations and Recognition: REPUTABLE (10+ Recommends) | FAMOUS (25+ Recommends) | GLOBALLY TRUSTED (50+ Recommends)
Distinguished Blog Author: 1 Post | 3 Posts | 5+ Posts
Research Statistics
Total reports: 205
Total reports on VIP sites: 15
Total patched vulnerabilities: 156
Active since: 29.09.2020
Reported Vulnerabilities
25.12.2020 How to bypass mod_security (WAF)
Hello, this time I would like to share with you how to evade the WAF mod_security.
Looking for vulnerable pages, I came across a website that, after spending a little time on it, I realized could be vulnerable to SQL injections; then I realized that it was “protected” with mod_security and decided to see if I could skip the WAF.
I share how I did it …
10.12.2020 sql injection to bypass Mod_Security
sql injection + bypass Mod_Security
/*!50000un0x696fn*/+/*!12345AlL*/(/*!50000se0x6c65ct*/+1)
/*!50000%75%6e%69on*/ %73%65%6cect 1
/*!12345UnioN*//**/(/*!12345seLECT*//**/1)
/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)
10.12.2020 Create encoded sql payloads