Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
612,933 coordinated disclosures
393,467 fixed vulnerabilities
929 bug bounties with 1,869 websites
18,819 researchers, 1199 honor badges

debsecTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher debsec has already helped fix 4645 vulnerabilities.



Researcher reputation:  1310

Real name:
Eduardo (debsec)

How to contact me:
mail: [email protected]
twitter: https://twitter.com/deb_security
https://hackerone.com/debsec
https://bugcrowd.com/debsec
https://www.hackthebox.eu/profile/59877

Certifications & Diplomas:
PPT, Offensive Security

Experience in Application Security
1-3 years

Award / Bug Bounty I prefer:
Paypal, Amazon gift card, BTC, Swag, Gifs.. or thanks :)

paypal mail: [email protected]

Follow me on:
Twitter

Recommendations and Acknowledgements | Full List:

@cyberday_gmbh     24 April, 2019
    Twitter cyberday_gmbh DLO from CYBERDAY GmbH:
Thanks for reporting a xss issue in a magento module
@gfarret1     7 March, 2019
    Twitter gfarret1 Guillaume from IFAD:
Thank you Eduardo for helping us identify an XSS, really appreciated! The description of the vulnerability was clear and allowed us to make a fix quickly.
@SOSLaChapelle     2 January, 2019
    Twitter SOSLaChapelle Dev from QL:
Thanks a lot Eduardo for the report and explanation of what you found. The issue has been patched.
@rtvde     18 December, 2018
    Twitter rtvde rtvde from rtv media group:
Thank you a lot for the information and the support on fixing the issue! Very friendly and kind contact.
@maennerformat     13 December, 2018
    Twitter maennerformat Juergen from maennerformat.de:
Thank you very much for your friendly and uncomplicated help! :-)
@scubapics_de     27 November, 2018
    Twitter scubapics_de Rainer from Omneia:
Thanks Eduardo, most helpful and great work, really appreciated! Impressed of the quick help how to fix. Good man!
@modulargridNET     26 November, 2018
    Twitter modulargridNET Knut Schade from ModularGrid:
Thanks Eduardo, very friendly and helpful!
@dJoceNet     21 November, 2018
    Twitter dJoceNet Jocelyn from eiffel.org:
Thank you for notifying us of the issue and check it was fixed!
@jcolls     19 November, 2018
    Twitter jcolls Jonathan Colls from ABC:
Many thanks to Eduardo for letting us know of a vulnerability and some suggested solutions.
@Honscha_Muenzen     16 November, 2018
    Twitter Honscha_Muenzen Tobias from THCoin:
Thank you very much for your help!
@davidbehler     31 October, 2018
    Twitter davidbehler David from PrepLounge:
Thank you for helping us identify and fix multiple XSS vulnerabilities
@wiesenbacher     11 October, 2018
    Twitter wiesenbacher Wiesenbacher from multiNETT:
Thank You Eduardo! I fixed the Problem on 2018/10/08. But unfortunately you forgot to switch my Status to "patched". You wrote me, you have done this. Did you found later an other security Risk?
@whitedataDE     10 October, 2018
    Twitter whitedataDE Dominik from whitedata Holding GmbH:
Thank you very much for your friendly help.
@wiesenbacher     8 October, 2018
    Twitter wiesenbacher Michael from multinett:
thank you for your hint!
@inoventu     26 September, 2018
    Twitter inoventu Alex from Inoventu:
Eduardo send a quick and detailed report. Thank you for your help!
@SocialbakersSec     13 September, 2018
    Twitter SocialbakersSec Socialbakers Security from Socialbakers:
Thanks to Eduardo for reporting vulnerability and details!
@0d92c596     3 September, 2018
    Twitter 0d92c596 Security Officer from INSMI/CNRS:
A great thanks to Eduardo for his help fixing an XSS vulnerability.
Clear explanation. Quick fix!
@frecl     14 August, 2018
    Twitter frecl Frank from Reclam:
Eduardo helped us in a very quick and fair way so that we could implement a bugfix. Thanks very much!
@netz_meister     24 July, 2018
    Twitter netz_meister marko from netz-meister:
Eduardo acted fair and quick by sending information on a xss vulnerability and how to fix it. Well done.
@jcid     9 July, 2018
    Twitter jcid Cliff from JCID:
Eduardo found a XSS vulnerability on one of our sites and we were able to find it and fix it. Thanks for the report!
@joerghambuch     5 July, 2018
    Twitter joerghambuch Jörg Hambuch from ADWM:
Eduardo informed us of an XSS vulnerability. Thanks to him, we could fix it before the bad guys were able to use it. He responded quick and was very helpful.
@bertbalcaen     3 July, 2018
    Twitter bertbalcaen Bert Balcaen from VSPW:
Eduardo was quick and correct in reporting an issue with our website. He was very helpful and to the point when describing the issue and a possible solution.
@nonfiction_fr     1 July, 2018
    Twitter nonfiction_fr Nonfiction from Nonfiction.fr:
Many thanks to Eduardo who helped us to identify and fix a XSS vulnerability on our website. His explanations were very clear and provided some tips which were very useful.
@eelcoheuvelmans     27 June, 2018
    Twitter eelcoheuvelmans Eelco Heuvelmans from Blink:
Thanks for the pointer to the vulnerability and explanation.
@Nu_Gratis     15 June, 2018
    Twitter Nu_Gratis Alex from NuGratis:
Thanks to Eduardo we have fixed a XSS vulnerability on our website. His help was fast and he gave simple instructions on how to fix the problem. Many thanks!
@avanthof     7 June, 2018
    Twitter avanthof Arjan from Medem:
Thanks to Eduardo to help us out with a XSS vulnerability. Problem solved!
@MediaVgn     7 June, 2018
    Twitter MediaVgn Toni Liebscher from VGN Digital:
deb_security communicated very fast and in a constructive manner. Thanks to his examples and detailed description we were able to find and fix the vulnerability very quickly. Thank you!
@digisolid     4 June, 2018
    Twitter digisolid Martin Otte from Klik-info.nl:
Eduardo helped us to found a XSS vulnerability. Thanks!
@activeinbox     1 June, 2018
    Twitter activeinbox Andy Mitchell from ActiveInbox:
Truly appreciated Eduardo not only finding the issue in the first place, but giving a really clean and simple instruction on how to resolve it. I didn't think twice about giving him an award, as a little cost up front is so much more valuable than fixing an attack later.
@RSwartzer     31 May, 2018
    Twitter RSwartzer Ron Swartzendruber from Western Oregon University:
Eduardo has been very helpful, not only explaining the problem but suggesting a solution that worked.
@SandiSchleicher     31 May, 2018
    Twitter SandiSchleicher SSchleicher from iGive:
Thank you for letting us know about this issue. It has been corrected. We always appreciate help improving our site.
@rat_info24     31 May, 2018
    Twitter rat_info24 F.K. from F/X W. C.:
Eduardo was reacting in lightning speed once I contacted him. He explained the issue to me very clear and provided a comprehensive amount of possible solutions. This was really great service, thanks so much!
@Lecture2Go     28 May, 2018
    Twitter Lecture2Go Lecture2Go from UHH:
Thank you for helping us to find XSS vulnerability!
@ArtisUpenieks     25 May, 2018
    Twitter ArtisUpenieks Artis from kurpirkt:
Thank you Eduardo for helping us to find and to fix the vulnerability!
@hikingsite     22 May, 2018
    Twitter hikingsite Raymond from Hiking-site.nl:
Eduardo was very clear in showing where I had missed some security settings and was friendly enough to check my changes afterwards to make sure things were solved. Fast in his response. Great service!
@aartvdwerf     22 May, 2018
    Twitter aartvdwerf Aart from OI:
Thanks for helping us fixing two XSS vulnerabilities!
@M_C_E_S_T     14 May, 2018
    Twitter M_C_E_S_T StefanK from MCES:
Thank you very much for reporting the XSS vulnerability in one of our website forms, and for sharing detailed information. So we were able to close the hole fast.
@nidapo5     10 May, 2018
    Twitter nidapo5 Nick Porter from 5th Dunstable Scout Group:
deb_security promptly provided full details and examples, that made it easy to pin down the problem. Many thanks to deb_security for highlighting this issue, so that I could fix it.
@nidapo5     9 May, 2018
    Twitter nidapo5 Nick Porter from 5th Dunstable Scout Group:
Thanks for highlighting my widespread XSS problem, which I think I have now fixed. Very prompt in supplying full details and example URLs, which helped a lot.
@bobthenob     8 May, 2018
    Twitter bobthenob Bob Kolk from Tumbl Trak:
Thank you for letting me know about our XSS issue, Eduardo. Swag is on the way!
@m_karg     26 April, 2018
    Twitter m_karg m_karg from IMSoft:
Thanks for helping fixing a XSS vulnerability
@reichardtalex     20 April, 2018
    Twitter reichardtalex Alex from Overnightprints:
Thanks for your help to make our site more secure!
@korinly     18 April, 2018
    Twitter korinly Korin Lykam from Bitch Media:
Thank you for supplying the information about a vulnerability so quickly. We were able to fix it immediately!
@RealMarcelHauer     18 April, 2018
    Twitter RealMarcelHauer Marcel from CSS:
Thank you Eduardo for highlighting the XSS vulnerability on our customers website and helping us with suggestions. :-)
@FerienNetzwerk     12 April, 2018
    Twitter FerienNetzwerk Ingo from FerienNetzwerk:
Thanks for the message and the very fast support.
@xTazOsailling     4 April, 2018
    Twitter xTazOsailling GirardO from University of Angers, FR:
Thank you for reporting a vulnerability on our website so we could fix it quickly.
@juppwerner     3 April, 2018
    Twitter juppwerner Joachim Werner from diggin-data:
Thank you very much for reporting a vulneraibility and suppling detailed information for solution.
@graubuendner     2 April, 2018
    Twitter graubuendner Roman from Graubünden Online:
thank you Eduardo, good work! Greetz from Switzerland
@theUniC     26 March, 2018
    Twitter theUniC Christian Soronellas from Enalquiler:
Eduardo kindly and professionally reported us an ugly security issue. The report he sent and all the details he provided were extremely useful to spot the issue. So thanks to his help now our site is a bit more secure.
@TenSoonK     21 March, 2018
    Twitter TenSoonK Yotoon from Wallhalla.com:
Thank you so much for your help. We need more people like Eduardo!
@rchutter     19 March, 2018
    Twitter rchutter Reinhard Hutter from webtourismus.at:
Thanks for helping us fixing a XSS vulnerability
@farhan6318     16 March, 2018
    Twitter farhan6318 Farhan from Islamic Online University:
Thank you Eduardo ,you are extremely helpful and knowledgeable
@aubiplus     16 March, 2018
    Twitter aubiplus Thorben from AUBI-plus:
Thank you for pointing us to the XSS vulnerability on our website.
@tmsq     14 March, 2018
    Twitter tmsq Seb from SS7:
Thanks Eduardo for notifying us about a XSS vulnerability on the website and you suggestions!
@WFlieder     13 March, 2018
    Twitter WFlieder Winfried Flieder from LILAC media:
Thank you for reporting this vulnerability and your help to patch it. We hihgly recommend you
@bintangZRH     12 March, 2018
    Twitter bintangZRH Clemens from solidIT AG:
Thank you very much for your help. Greatly appreciated!
@jenskoester     28 February, 2018
    Twitter jenskoester Jens from netzlabor:
Thank you for your great support in identifying a XSS vulnerability. You're a great guy!
@dolphin_systems     28 February, 2018
    Twitter dolphin_systems YPG from Dolphin:
Thanks Eduardo for your professional help in solving our security issue. I very much appreciated your Patience! well done, good Job
@BudTerence5     15 February, 2018
    Twitter BudTerence5 Hendrik from Mahr:
Thanks to Eduardo for his great researching and detailed report. Great Work!
@Ross85042     14 February, 2018
    Twitter Ross85042 RRiccio from MIUR:
Thanks to Eduardo for his expertise and readiness: he helped us to solve a problem rapidly
@beratunghelp     14 February, 2018
    Twitter beratunghelp Benjamin Slezak from netdoktor GmbH:
Thanks to deb_security we just fixed a XSS vulnerability. Great! Very nice of you!
@maticej     10 February, 2018
    Twitter maticej Matthew from exact media:
Eduardo helped us fix the xss vulnerability. Great guy!
@Andreas33171176     8 February, 2018
    Twitter Andreas33171176 Andreas from ZAMG:
Thank you Eduard, for scanning our site and the detailed report.
@jucarsa21     8 February, 2018
    Twitter jucarsa21 jucarsa21 from upm.es:
Thank you Eduardo for identifying a XSS-Vulnerability on our website and give a cleary suggestion
@daughterofpoets     7 February, 2018
    Twitter daughterofpoets Doa from Thrive Global:
Thanks for reporting a legitimate vulnerability and providing us extensive info right away so we could patch. Definitely recommend you!
@Lea_Goasguen     7 February, 2018
    Twitter Lea_Goasguen LoganeLea from LaTélé:
Thanks very much for your help and your reactivity.
@pdreijnders     6 February, 2018
    Twitter pdreijnders Patrick from Saxion:
Thank you Eduardo for giving us the heads-up on the XSS vulnerability of our site. Very helpful, keep up the good work!
@lloydalvarez     5 February, 2018
    Twitter lloydalvarez Lloyd A from aes:
Thanks Eduardo for your amazing professionality and ethics! There should be more of you out there in the world!
@LaggedSkip     2 February, 2018
    Twitter LaggedSkip Michael from Skiplagged:
Eduardo provided detailed steps and explanation to a vulnerability on our site. Much appreciated.
@__AhmedKamel     31 January, 2018
    Twitter __AhmedKamel Ahmed Kamel from ZADGroup:
deb_security has helped us today to mitigate an XSS vulnerability for free, thanks a lot for your efforts.
@truncheonhead     25 January, 2018
    Twitter truncheonhead Tobias Kästle from Viva con Agua:
deb_security explored a XSS vulnerability on our website and immediately helped us to fix the issue! I'm really thankful for the great work!
@buweb     24 January, 2018
    Twitter buweb Anton from Boston University:
Eduardo is great. Very helpful and ready for a talk.
@kentreez     23 January, 2018
    Twitter kentreez Kasidiss from Lnw:
Thank you Eduardo for identifying a XSS-Vulnerability on our website and give a cleary suggestion.
@doc__ua     19 January, 2018
    Twitter doc__ua doc.ua from doc.ua:
Our first XSS vulnerability was reported by Eduardo. Thanks
@alin     19 January, 2018
    Twitter alin alin from avocatnet.ro:
Thank you, Eduardo, for helping us find and fix a vulnerability. I fully recommend you.
Best.
@hugolassiege     19 January, 2018
    Twitter hugolassiege Hugo Lassiege from Malt:
Thanks to Eduardo who reports an XSS vulnerability on our site.
Thanks !
@AC_Anonymous     17 January, 2018
    Twitter AC_Anonymous Ac_Anonymous from AC_Anonymous:
Thanks, Eduardo! :D We are now aware of a XSS vulnerability in our site, so.. Time to fix it!
@JFPlaMed     17 January, 2018
    Twitter JFPlaMed JerryF from PlanetMedia:
deb_security provided prompt and clear assistance to help us replicate and address our issue. Thank you !
@suisho     10 January, 2018
    Twitter suisho Aki from densuke:
With precise advice, he helped me very much.
I really appreciate it.
@ollmii     9 January, 2018
    Twitter ollmii Oliver from TUHH:
deb_security alerted us about an XSS vulnerability and recommended a working solution to solve that. Thank you!
@dmitrysir     9 January, 2018
    Twitter dmitrysir Dmitry from Vesti:
Very professional, thanks for help!
@FabianSchorb     9 January, 2018
    Twitter FabianSchorb Fabian :
Thank you very much for identifying a XSS-Vulnerability on our Website!
@lbalves     8 January, 2018
    Twitter lbalves Leandro from Méliuz:
deb_security has helped us to identify a XSS vulnerability on our blog. Thanks!
@keneniah777     19 December, 2017
    Twitter keneniah777 Holger Selig from Tradino GbR:
deb_security helped to patch a lot of our installations. Therefore once again many thanks.
@dmg_geom     15 December, 2017
    Twitter dmg_geom Ronald from TU-Wien:
Dear Eduardo, thank you for your help to find and fix a XSS vulnerability on our site! All the best!
@keneniah777     14 December, 2017
    Twitter keneniah777 Holger from Tradino GbR:
Thanks to Eduardo we could fix a severe vulnerability that was undetected for months.
@Eurojobs_com     29 November, 2017
    Twitter Eurojobs_com Eurojobs_com from Eurojobs.com Ltd:
Thanks Eduardo for alerting us to this vulnerability!
@Schmierwoschd     29 November, 2017
    Twitter Schmierwoschd Wolfgang S. from MMcom:
Dear Eduardo, thank you very much for your professional help and the friendly contact. All the best
@shaunallcock     28 November, 2017
    Twitter shaunallcock Shaun from Click:
deb_security has helped us to identify a XSS vulnerability on our sites, thanks for the help.
@componavt     30 October, 2017
    Twitter componavt Andrew Krizhanovsky from Institute of Applied Mathematical Research:
Thank you for your help!
@teddyrised     24 October, 2017
    Twitter teddyrised Terry from Aarhus University:
deb_security has helped us to identify a single XSS vulnerability on our site, and responded in a timely and professional manner.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:13900
Total reports on VIP sites:1167
Total patched vulnerabilities:4645
Recommendations received:91
Active since:04.10.2017
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP Submissions

Domain Reported Status Type
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
patched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
patched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
patched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting
05.06.2019
unpatched
Cross Site Scripting

  Latest Patched

 30.10.2020 123rf.com
 30.10.2020 t3n.de
 30.10.2020 489pro.com
 30.10.2020 dgtle.com
 29.10.2020 photobucket.com
 29.10.2020 istockphoto.com
 29.10.2020 skin.gs
 28.10.2020 plos.org
 28.10.2020 audiusa.com
 28.10.2020 um.es

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@benskiddle     30 October, 2020
    Twitter benskiddle:
Great disclosure of an SQL injection bug with good details to replicate the issue. Thank you.
@MizoueShumpei     29 October, 2020
    Twitter MizoueShumpei:
Thank you very much for your help.
@adridder     28 October, 2020
    Twitter adridder:
Thank you for your help with this XSS vulnerability on our site. We appreciate the responsible reporting via openbugbounty.
@gaborvitez     28 October, 2020
    Twitter gaborvitez:
Ajaysen R found a reflected cross site scripting bug in one of our cgi scripts, this way he helped us improve the security of our website. He was really fast to react, working with him was really a pleasure. We are grateful for the issues he made us aware of.
@Jobe1986     28 October, 2020
    Twitter Jobe1986:
Thank you for your efforts and reporting the XSS vulnerability you found on my website.