Security Researcher devl00p | Open Bug Bounty & Full Disclosure

OpenBugBounty.org > Security Researchers > devl00p

devl00p Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile

Security researcher devl00p has already helped fix 2248 vulnerabilities.

Info
Recommendations
Badges
Statistics
Certificate
Blog

Researcher reputation: 300

Real name:
Nicolas Surribas

About me:
I'm a french security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.

Why I'm scanning the web for vulnerabilities and how I do it :
https://t.co/Q9KMr2Kdla

How to contact me:
nicolas.surribas 4t gmail d0t com

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Donations to help the Wapiti project:
Paypal paypal.me/devl00p

Follow me on:
Twitter

Recommendations and Acknowledgements

6 February, 2020

CoolgearLabs Caleb from Coolgear:

Thank you for the report, we'll get it cleared up ASAP.

30 January, 2020

vseowow Vincent from Spacio:

Thanks for the bug report and quick responses!

22 January, 2020

betterexplained Kalid Azad from betterexplained:

Thanks for the bug report!

18 January, 2020

damnitjim Aye from Formulation:

Thanks for taking the time to report the weaknesses and really appreciate the wapiti tool that you've developed.

14 January, 2020

Regina0xFFFF Regina from geom:

Thanks Nicolas for reporting me an XSS on my site. Fixed it now!

8 January, 2020

aing3l Ang3l from Lorma Colleges:

Thank you for the report and getting in touch to resolve a vulnerability in one of our sites. Hats off!

7 January, 2020

ChVuagniaux Christophe from inetis:

Thanks to Nicolas for informed us about a vulnerability on one of our website and gived us informations about reproducibility very fast.

3 January, 2020

astroseekcom Petr9 from Astro-Seek.com:

Thank you for informing me about another XSS vulnerability.

3 January, 2020

pavelmusil Pavel Musil from Pavel Musil:

Thank you for your reporting XSS vulnerability.

26 November, 2019

adventurent_ Carlos from adventurent:

Nicolas made us aware of an XSS vulnerability on our site and let us know the issue really fast so we were able to fix it within a short time. Thanks a lot!

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites


10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research


WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements


Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch


Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition


REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author


1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	8882
Total reports on VIP sites:	602
Total patched vulnerabilities:	2248
Total vulnerabilities on Hold (Open Bug Bounty):	574
Recommendations received:	15
Active since:	09.09.2019
Top Security Researcher Awards:	Top Security Researcher of the Month
Top VIP Security Researcher Awards:	Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate

08.01.2020 Top 100 Open Redirect dorks

Just like previous list of XSS dorks but this time for Open Redirect vulnerabilities. First with most common parameters then parameters along with path.

page	19.3%
url	13.1%
ret	10.0%
r2	9.8%
img	7.0%
u	4.4%
return	2.6%
r	2.6%
URL	2.4%
next	2.0%
redirect	2.0%
redirectBack	1.6%
AuthState	1.2%
referer	0.8%
redir	0.8%
l	0.8%
aspxerrorpath	0.6%
image_path	0.6%
ActionCodeURL	0.6%
return_url	0.6%
link	0.6%
q	0.6%
location	0.6%
ReturnUrl	0.6%
uri	0.4%
referrer	0.4%
returnUrl	0.4%
forward	0.4%
file	0.4%
rb	0.4%
end_display	0.4%
urlact	0.4%
from	0.4%
goto	0.4%
path	0.4%
redirect_url	0.4%
old	0.4%
pathlocation	0.2%
successTarget	0.2%
returnURL	0.2%
urlsito	0.2%
newurl	0.2%
Url	0.2%
back	0.2%
retour	0.2%
odkazujuca_linka	0.2%
r_link	0.2%
cur_url	0.2%
H_name	0.2%
ref	0.2%
topic	0.2%
resource	0.2%
returnTo	0.2%
home	0.2%
node	0.2%
sUrl	0.2%
href	0.2%
linkurl	0.2%
returnto	0.2%
redirecturl	0.2%
SL	0.2%
st	0.2%
errorUrl	0.2%
media	0.2%
destination	0.2%
targeturl	0.2%
return_to	0.2%
cancel_url	0.2%
doc	0.2%
GO	0.2%
ReturnTo	0.2%
anything	0.2%
FileName	0.2%
logoutRedirectURL	0.2%
list	0.2%
startUrl	0.2%
service	0.2%
redirect_to	0.2%
end_url	0.2%
_next	0.2%
noSuchEntryRedirect	0.2%
context	0.2%
returnurl	0.2%
ref_url	0.2%

/?page=	18.5
/index.php?ret=	10.0
/analytics/hit.php?r2=	9.8
/api/thumbnail?img=	7.0
/e.html?u=	3.2
/actions/act_continueapplication.cfm?r=	2.4
/redirect2/?url=	2.0
/Shibboleth.sso/Logout?return=	1.2
/ui/clear-selected/?next=	1.2
/Home/Redirect?url=	1.2
/jobs/?l=	0.8
/Error.aspx?aspxerrorpath=	0.6
/r.php?u=	0.6
/services/logo_handler.ashx?image_path=	0.6
/AddProduct.aspx?ActionCodeURL=	0.6
/tools/login/default.asp?page=	0.6
/spip.php?url=	0.6
/usermanagement/mailGeneratedPassword?referer=	0.6
/?return=	0.6
/?redir=	0.6
/simplesaml/module.php/core/loginuserpass.php?AuthState=	0.6
/out.php?url=	0.6
/affiche.php?uri=	0.4
/redirector.php?url=	0.4
/cgi/set_lang?referrer=	0.4
/blog/click?url=	0.4
/site.php?url=	0.4
/download2.php?file=	0.4
/jump.php?url=	0.4
/redirect/?redirect=	0.4
/admin/track/track?redirect=	0.4
/switch.php?rb=	0.4
/php-scripts/form-handler.php?end_display=	0.4
/cg/rk/?url=	0.4
/tosite.php?url=	0.4
/cambioidioma.php?urlact=	0.4
/accueil/spip.php?url=	0.4
/IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack=	0.4
/search?q=	0.4
/default.aspx?URL=	0.4
/initiate-sso-login/?redirect_url=	0.4
/module.php/core/loginuserpass.php?AuthState=	0.4
/authentication/check_login?old=	0.4
/RedirectToDoc.aspx?URL=	0.4
/shop/bannerhit.php?url=	0.4
/acceptcookies/?ReturnUrl=	0.4
/index.php?url=	0.4
/publang?url=	0.2
/home/helperpage?url=	0.2
/widgets.aspx?url=	0.2
/_lang/en?next=	0.2
/application/en?url=	0.2
/common/topcorm.do?pathlocation=	0.2
/main/action?successTarget=	0.2
/Videos/SetCulture?returnURL=	0.2
/Localize/ChangeLang?returnUrl=	0.2
/_goToSite.asp?urlsito=	0.2
/redir?url=	0.2
/admin/auth/logined?redirect=	0.2
/linkforward?forward=	0.2
/modules/babel/redirect.php?newurl=	0.2
/umbraco/Surface/LanguageSurface/ChangeLanguage?Url=	0.2
/langswitcher.php?url=	0.2
/redirect/?url=	0.2
/i18n/i18n_user_currencies/change_currency?back=	0.2
/accessibilite/textBackUp/?retour=	0.2
/fncBox.php?url=	0.2
/all4shop-akcie.php?odkazujuca_linka=	0.2
/openurl.php?url=	0.2
/te3/out.php?u=	0.2
/utils/set_language.html?return_url=	0.2
/trigger.php?r_link=	0.2
/home/lng?cur_url=	0.2
/goto?url=	0.2
/o.php?url=	0.2
/link-master/19/follow?link=	0.2
/hack.php?H_name=	0.2
/bmad/namhoc.php?return=	0.2
/maven/stats.asp?ref=	0.2
/Main/WebHome?topic=	0.2
/bin/fusion/imsLogin?resource=	0.2
/languechange.aspx?url=	0.2
/bloques/bannerclick.php?url=	0.2
/changesiteversion-full?referer=	0.2
/out.php?link=	0.2
/bgpage?r=	0.2
/signout?returnTo=	0.2
/switch_lang.php?return_url=	0.2
/nousername.php?redir=	0.2
/i/logout?return=	0.2
/util_goto_detail_home.cfm?home=	0.2
/misc/oldmenu.html?from=	0.2
/click.php?url=	0.2
/bitrix/rdc/?goto=	0.2
/?node=	0.2
/setLanguage.php?return=	0.2
/redirect/ad?url=	0.2
/redirect.php?sUrl=	0.2
/redirect?url=	0.2
/url?url=	0.2

28.12.2019 Top 100 XSS dorks

It's the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let's update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

Dork	Frequency
q	5.5%
s	4.5%
search	1.9%
id	1.7%
lang	1.4%
keyword	1.2%
query	1.1%
page	1.0%
keywords	0.8%
year	0.8%
view	0.8%
email	0.8%
type	0.7%
name	0.7%
p	0.7%
month	0.6%
immagine	0.6%
list_type	0.5%
url	0.5%
terms	0.5%
categoryid	0.5%
key	0.5%
l	0.5%
begindate	0.4%
enddate	0.4%
categoryid2	0.4%
t	0.4%
cat	0.4%
category	0.4%
action	0.4%
bukva	0.4%
redirect_uri	0.4%
firstname	0.4%
c	0.4%
lastname	0.3%
uid	0.3%
startTime	0.3%
eventSearch	0.3%
categoryids2	0.3%
categoryids	0.3%
sort	0.3%
positiontitle	0.3%
groupid	0.3%
m	0.3%
message	0.3%
tag	0.3%
pn	0.3%
title	0.3%
orgId	0.3%
text	0.3%
handler	0.2%
myord	0.2%
myshownums	0.2%
id_site	0.2%
city	0.2%
search_query	0.2%
msg	0.2%
sortby	0.2%
produkti_po_cena	0.2%
produkti_po_ime	0.2%
mode	0.2%
CODE	0.2%
location	0.2%
v	0.2%
order	0.2%
n	0.2%
term	0.2%
start	0.2%
k	0.2%
redirect	0.2%
ref	0.2%
file	0.2%
mebel_id	0.2%
country	0.2%
from	0.1%
r	0.1%
f	0.1%
field%5B%5D	0.1%
searchScope	0.1%
state	0.1%
phone	0.1%
Itemid	0.1%
lng	0.1%
place	0.1%
bedrooms	0.1%
expand	0.1%
e	0.1%
price	0.1%
d	0.1%
path	0.1%
address	0.1%
day	0.1%
display	0.1%
a	0.1%
error	0.1%
form	0.1%
language	0.1%
mls	0.1%
kw	0.1%
u	0.1%

This second list is almost the same but with corresponding path :

Dork	Frequency
/?s=	3.6
/search?q=	2.5
/index.php?lang=	0.6
/pplay/info_prenotazioni.asp?immagine=	0.6
/shared/lgflsearch.php?terms=	0.5
/index.php?page=	0.4
/search?query=	0.4
/en/Telefon-Cam?search=	0.4
/index.php?bukva=	0.4
/pro/events_print_setup.cfm?list_type=	0.3
/pro/events_print_setup.cfm?categoryid=	0.3
/pro/events_print_setup.cfm?categoryid2=	0.3
/?eventSearch=	0.3
/?startTime=	0.3
/pro/events_ical.cfm?categoryids=	0.3
/pro/events_ical.cfm?categoryids2=	0.3
/pro/events_print_setup.cfm?month=	0.3
/pro/events_print_setup.cfm?year=	0.3
/pro/events_print_setup.cfm?begindate=	0.3
/pro/events_print_setup.cfm?enddate=	0.3
/search?keyword=	0.3
/?q=	0.3
/search/?q=	0.3
/index.php?pn=	0.3
/?lang=	0.3
/property/search?uid=	0.3
/index.php?id=	0.3
/search?orgId=	0.3
/products?handler=	0.2
/pro/events_print_setup.cfm?view=	0.2
/pro/events_print_setup.cfm?keywords=	0.2
/?p=	0.2
/search.php?q=	0.2
/?search=	0.2
/pro/minicalendar_detail.cfm?list_type=	0.2
/index.php?produkti_po_cena=	0.2
/index.php?produkti_po_ime=	0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE=	0.2
/login?redirect_uri=	0.2
/connexion?redirect_uri=	0.2
/index.php?action=	0.2
/plugins/actu/listing_actus-front.php?id_site=	0.2
/index.php?mebel_id=	0.2
/search/?search=	0.2
/news/class/index.php?myshownums=	0.2
/news/class/index.php?myord=	0.2
/search.html?searchScope=	0.1
/search?field%5B%5D=	0.1
/videos?tag=	0.1
/videos?place=	0.1
/videos?search=	0.1
/?email=	0.1
/?cat=	0.1
/content.php?expand=	0.1
/?page=	0.1
/search/?s=	0.1
/?keywords=	0.1
/search/?keyword=	0.1
/apps/email/index.jsp?n=	0.1
/?name=	0.1
/?sort=	0.1
/search?search=	0.1
/pro/minicalendar_print_setup.cfm?begindate=	0.1
/pro/minicalendar_print_setup.cfm?enddate=	0.1
/pro/minicalendar_print_setup.cfm?keywords=	0.1
/search-results?q=	0.1
/?listingtypeid=	0.1
/search?s=	0.1
/pro/minicalendar_print_setup.cfm?categoryid2=	0.1
/?bathrooms=	0.1
/?listingagent=	0.1
/?featuredsearchseourl=	0.1
/?squarefeet=	0.1
/?siteid=	0.1
/?bedrooms=	0.1
/?featuredsearch=	0.1
/?price=	0.1
/?maxbuilt=	0.1
/?lsid=	0.1
/?listingtypes=	0.1
/?garages=	0.1
/?maxprice=	0.1
/?minprice=	0.1
/?keywordsany=	0.1
/?yearbuilt=	0.1
/?minbuilt=	0.1
/?subdivision=	0.1
/?lotsizeval=	0.1
/?listingstatusid=	0.1
/?mls=	0.1
/firms/?text=	0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET=	0.1
/plan_du_site.php?lang=	0.1
/index.php?Itemid=	0.1
/?view=	0.1
/?t=	0.1
/?selat=	0.1
/?selong=	0.1
/?nwlat=	0.1
/?geo=	0.1

I hope you enjoy this :)

Reported Vulnerabilities

All Submissions VIP Submissions Featured Submissions

Domain	Reported	Status	Type
elections.highline.edu	09.03.2020	On Hold	Improper Access Control
comisionddhh.mininterior.gob.ar	06.03.2020	On Hold	Improper Access Control
jdk.co.ke	06.03.2020	On Hold	Improper Access Control
katerotari.md	05.03.2020	On Hold	Improper Access Control
k20center.ou.edu	05.03.2020	On Hold	Improper Access Control
keck2.ucsd.edu	05.03.2020	On Hold	Improper Access Control
kdw-lab.mit.edu	01.03.2020	On Hold	Improper Access Control
kaapelicenter.bitools.io	01.03.2020	On Hold	Improper Access Control
judgepol.sps.ed.ac.uk	01.03.2020	On Hold	Improper Access Control
jorkawteun.spokedark.tv	29.02.2020	On Hold	Improper Access Control
jbonet.webs.upv.es	28.02.2020	On Hold	Improper Access Control
ixlab.ischool.utexas.edu	28.02.2020	On Hold	Improper Access Control
ithelp.umassd.edu	28.02.2020	On Hold	Improper Access Control
itec.aalto.fi	28.02.2020	On Hold	Improper Access Control
isrl.byu.edu	28.02.2020	On Hold	Improper Access Control
intranet.oak.edu	28.02.2020	On Hold	Improper Access Control
instructionaltechnology.wooste...	27.02.2020	On Hold	Improper Access Control
insider.structuralgraphics.com	27.02.2020	On Hold	Improper Access Control
insideoutreach.ou.edu	27.02.2020	On Hold	Improper Access Control
ingenium.md	27.02.2020	On Hold	Improper Access Control

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ... 438 439 440 441

Twitter Login		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Report a Vulnerability
Browse Bug Bounty Programs
Write a Blog Post
Ask a Question

Start a Bug Bounty		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Ask a Question
API