All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. 
devl00p
Top VIP Security Researcher
Top Security Researcher
Top Security Researcher of the Month
Top VIP Security Researcher of the Month | Security Researcher Profile
Security researcher devl00p has already helped fix 89195 vulnerabilities.
Researcher reputation: 720
Real name:
Nicolas Surribas
About me:
I'm a french security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.
Why I'm scanning the web for vulnerabilities and how I do it :
https://t.co/Q9KMr2Kdla
Contact email:
nicolas.surribas 4t gmail d0t com
Experience in Application Security
over 5 years
Award / Bug Bounty I prefer:
Donations to help the Wapiti project:
Paypal paypal.me/devl00p
Follow me on:
Twitter
Ethics and Rules:
Nicolas Surribas is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.
Recommendations and Acknowledgements
14 September, 2020
lorenzoherrera Loren from Photolancers:| Thanks devl00p for your kind report! We found an XSS bug and been able to solve it thanks to your help. Cheers! |
28 August, 2020 MitsuhashiN Nobutaka Mitsuhashi from NBDC:| Thanks to your kindness, I was able to fix the XSS vulnerability on our site very quickly. Thank you very much. |
24 October, 2022 wirthundhorn Operator from Wirth & Horn:|
Thanks devl00pTop-50 VIP XSS Researcher for reporting XSS vulnerabilities on our customers' websites. Keep up the good work, helps us a lot! |
1 March, 2021 CERT_rlp CERT-rlp from CERT-rlp:| The team of CERT-rlp would like to thank devl00p for a responsible and coordinated disclosure of XSS vulnerabilities |
23 February, 2021 simondale101 Simon Dale from theCrag:| Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :) |
23 February, 2021 simondale101 Simon Dale from theCrag:| Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :) |
23 February, 2021 simondale101 Simon Dale from theCrag:| Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :) |
23 February, 2021 simondale101 Simon Dale from theCrag:| Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :) |
23 February, 2021 simondale101 Simon Dale from theCrag:| Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :) |
22 February, 2021 KoMaXX Matthias from matthiasschicker.de:| Thank you devl00p for finding that XSS vulnerability on my site and making the world better for all of us! |
Shows the first 10 recommendations. See all.
Honor Badges
Number of Secured Websites
 |
|
|
 |
|
10+ Websites
|
50+ Websites
|
500+ Websites
|
WEB SECURITY VETERAN
1000+ Websites
|
Advanced Security Research
 |
 |
 |
 |
|
WAF Bypasser
|
CSRF Master
30+ Reports
|
AppSec Logic Master
30+ Reports
|
Fastest Fix
Fix in 24 hours
|
Outstanding Achievements
 |
 |
 |
|
|
Secured OBB
|
OBB Advocate
|
Improved OBB
|
Commitment to Remediate and Patch
 |
|
|
|
|
Patch Master
55% Patched
|
Patch Guru
65% Patched
|
Patch Lord
75% Patched
|
Recommendations and Recognition
 |
|
|
|
|
REPUTABLE
10+ Recommends
|
FAMOUS
25+ Recommends
|
GLOBALLY TRUSTED
50+ Recommends
|
Distinguished Blog Author
 |
|
|
|
|
1 Post
|
3 Posts
|
5+ Posts
|
Research Statistics
| Total reports: | 186244 |
| Total reports on VIP sites: | 10776 |
| Total patched vulnerabilities: | 89195 |
| Total vulnerabilities on Hold (Open Bug Bounty): | 201 |
| Recommendations received: | 37 |
| Active since: | 09.09.2019 |
| Top Security Researcher Awards: | 
The Top Security Researcher
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month
Top Security Researcher of the Month |
| Top VIP Security Researcher Awards: | 
The VIP Top Security Researcher
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Month
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week
Top VIP Security Researcher of the Week |
Open Bug Bounty Certificate
Reported Vulnerabilities
All Submissions VIP SubmissionsFeatured Submissions
| Domain | Reported | Status | Type |
|---|
08.01.2020 Top 100 Open Redirect dorks
Just like previous list of XSS dorks but this time for Open Redirect vulnerabilities. First with most common parameters then parameters along with path.| page | 19.3% |
| url | 13.1% |
| ret | 10.0% |
| r2 | 9.8% |
| img | 7.0% |
| u | 4.4% |
| return | 2.6% |
| r | 2.6% |
| URL | 2.4% |
| next | 2.0% |
| redirect | 2.0% |
| redirectBack | 1.6% |
| AuthState | 1.2% |
| referer | 0.8% |
| redir | 0.8% |
| l | 0.8% |
| aspxerrorpath | 0.6% |
| image_path | 0.6% |
| ActionCodeURL | 0.6% |
| return_url | 0.6% |
| link | 0.6% |
| q | 0.6% |
| location | 0.6% |
| ReturnUrl | 0.6% |
| uri | 0.4% |
| referrer | 0.4% |
| returnUrl | 0.4% |
| forward | 0.4% |
| file | 0.4% |
| rb | 0.4% |
| end_display | 0.4% |
| urlact | 0.4% |
| from | 0.4% |
| goto | 0.4% |
| path | 0.4% |
| redirect_url | 0.4% |
| old | 0.4% |
| pathlocation | 0.2% |
| successTarget | 0.2% |
| returnURL | 0.2% |
| urlsito | 0.2% |
| newurl | 0.2% |
| Url | 0.2% |
| back | 0.2% |
| retour | 0.2% |
| odkazujuca_linka | 0.2% |
| r_link | 0.2% |
| cur_url | 0.2% |
| H_name | 0.2% |
| ref | 0.2% |
| topic | 0.2% |
| resource | 0.2% |
| returnTo | 0.2% |
| home | 0.2% |
| node | 0.2% |
| sUrl | 0.2% |
| href | 0.2% |
| linkurl | 0.2% |
| returnto | 0.2% |
| redirecturl | 0.2% |
| SL | 0.2% |
| st | 0.2% |
| errorUrl | 0.2% |
| media | 0.2% |
| destination | 0.2% |
| targeturl | 0.2% |
| return_to | 0.2% |
| cancel_url | 0.2% |
| doc | 0.2% |
| GO | 0.2% |
| ReturnTo | 0.2% |
| anything | 0.2% |
| FileName | 0.2% |
| logoutRedirectURL | 0.2% |
| list | 0.2% |
| startUrl | 0.2% |
| service | 0.2% |
| redirect_to | 0.2% |
| end_url | 0.2% |
| _next | 0.2% |
| noSuchEntryRedirect | 0.2% |
| context | 0.2% |
| returnurl | 0.2% |
| ref_url | 0.2% |
| /?page= | 18.5 |
| /index.php?ret= | 10.0 |
| /analytics/hit.php?r2= | 9.8 |
| /api/thumbnail?img= | 7.0 |
| /e.html?u= | 3.2 |
| /actions/act_continueapplication.cfm?r= | 2.4 |
| /redirect2/?url= | 2.0 |
| /Shibboleth.sso/Logout?return= | 1.2 |
| /ui/clear-selected/?next= | 1.2 |
| /Home/Redirect?url= | 1.2 |
| /jobs/?l= | 0.8 |
| /Error.aspx?aspxerrorpath= | 0.6 |
| /r.php?u= | 0.6 |
| /services/logo_handler.ashx?image_path= | 0.6 |
| /AddProduct.aspx?ActionCodeURL= | 0.6 |
| /tools/login/default.asp?page= | 0.6 |
| /spip.php?url= | 0.6 |
| /usermanagement/mailGeneratedPassword?referer= | 0.6 |
| /?return= | 0.6 |
| /?redir= | 0.6 |
| /simplesaml/module.php/core/loginuserpass.php?AuthState= | 0.6 |
| /out.php?url= | 0.6 |
| /affiche.php?uri= | 0.4 |
| /redirector.php?url= | 0.4 |
| /cgi/set_lang?referrer= | 0.4 |
| /blog/click?url= | 0.4 |
| /site.php?url= | 0.4 |
| /download2.php?file= | 0.4 |
| /jump.php?url= | 0.4 |
| /redirect/?redirect= | 0.4 |
| /admin/track/track?redirect= | 0.4 |
| /switch.php?rb= | 0.4 |
| /php-scripts/form-handler.php?end_display= | 0.4 |
| /cg/rk/?url= | 0.4 |
| /tosite.php?url= | 0.4 |
| /cambioidioma.php?urlact= | 0.4 |
| /accueil/spip.php?url= | 0.4 |
| /IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack= | 0.4 |
| /search?q= | 0.4 |
| /default.aspx?URL= | 0.4 |
| /initiate-sso-login/?redirect_url= | 0.4 |
| /module.php/core/loginuserpass.php?AuthState= | 0.4 |
| /authentication/check_login?old= | 0.4 |
| /RedirectToDoc.aspx?URL= | 0.4 |
| /shop/bannerhit.php?url= | 0.4 |
| /acceptcookies/?ReturnUrl= | 0.4 |
| /index.php?url= | 0.4 |
| /publang?url= | 0.2 |
| /home/helperpage?url= | 0.2 |
| /widgets.aspx?url= | 0.2 |
| /_lang/en?next= | 0.2 |
| /application/en?url= | 0.2 |
| /common/topcorm.do?pathlocation= | 0.2 |
| /main/action?successTarget= | 0.2 |
| /Videos/SetCulture?returnURL= | 0.2 |
| /Localize/ChangeLang?returnUrl= | 0.2 |
| /_goToSite.asp?urlsito= | 0.2 |
| /redir?url= | 0.2 |
| /admin/auth/logined?redirect= | 0.2 |
| /linkforward?forward= | 0.2 |
| /modules/babel/redirect.php?newurl= | 0.2 |
| /umbraco/Surface/LanguageSurface/ChangeLanguage?Url= | 0.2 |
| /langswitcher.php?url= | 0.2 |
| /redirect/?url= | 0.2 |
| /i18n/i18n_user_currencies/change_currency?back= | 0.2 |
| /accessibilite/textBackUp/?retour= | 0.2 |
| /fncBox.php?url= | 0.2 |
| /all4shop-akcie.php?odkazujuca_linka= | 0.2 |
| /openurl.php?url= | 0.2 |
| /te3/out.php?u= | 0.2 |
| /utils/set_language.html?return_url= | 0.2 |
| /trigger.php?r_link= | 0.2 |
| /home/lng?cur_url= | 0.2 |
| /goto?url= | 0.2 |
| /o.php?url= | 0.2 |
| /link-master/19/follow?link= | 0.2 |
| /hack.php?H_name= | 0.2 |
| /bmad/namhoc.php?return= | 0.2 |
| /maven/stats.asp?ref= | 0.2 |
| /Main/WebHome?topic= | 0.2 |
| /bin/fusion/imsLogin?resource= | 0.2 |
| /languechange.aspx?url= | 0.2 |
| /bloques/bannerclick.php?url= | 0.2 |
| /changesiteversion-full?referer= | 0.2 |
| /out.php?link= | 0.2 |
| /bgpage?r= | 0.2 |
| /signout?returnTo= | 0.2 |
| /switch_lang.php?return_url= | 0.2 |
| /nousername.php?redir= | 0.2 |
| /i/logout?return= | 0.2 |
| /util_goto_detail_home.cfm?home= | 0.2 |
| /misc/oldmenu.html?from= | 0.2 |
| /click.php?url= | 0.2 |
| /bitrix/rdc/?goto= | 0.2 |
| /?node= | 0.2 |
| /setLanguage.php?return= | 0.2 |
| /redirect/ad?url= | 0.2 |
| /redirect.php?sUrl= | 0.2 |
| /redirect?url= | 0.2 |
| /url?url= | 0.2 |
28.12.2019 Top 100 XSS dorks
It's the end of the year and a good time to share things with people.After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.
It can be used as a powerful dork list so let's update your scanners and get bounties!
First here is the list of most vulnerable parameters along with their frequency.
| Dork | Frequency |
|---|---|
| q | 5.5% |
| s | 4.5% |
| search | 1.9% |
| id | 1.7% |
| lang | 1.4% |
| keyword | 1.2% |
| query | 1.1% |
| page | 1.0% |
| keywords | 0.8% |
| year | 0.8% |
| view | 0.8% |
| 0.8% | |
| type | 0.7% |
| name | 0.7% |
| p | 0.7% |
| month | 0.6% |
| immagine | 0.6% |
| list_type | 0.5% |
| url | 0.5% |
| terms | 0.5% |
| categoryid | 0.5% |
| key | 0.5% |
| l | 0.5% |
| begindate | 0.4% |
| enddate | 0.4% |
| categoryid2 | 0.4% |
| t | 0.4% |
| cat | 0.4% |
| category | 0.4% |
| action | 0.4% |
| bukva | 0.4% |
| redirect_uri | 0.4% |
| firstname | 0.4% |
| c | 0.4% |
| lastname | 0.3% |
| uid | 0.3% |
| startTime | 0.3% |
| eventSearch | 0.3% |
| categoryids2 | 0.3% |
| categoryids | 0.3% |
| sort | 0.3% |
| positiontitle | 0.3% |
| groupid | 0.3% |
| m | 0.3% |
| message | 0.3% |
| tag | 0.3% |
| pn | 0.3% |
| title | 0.3% |
| orgId | 0.3% |
| text | 0.3% |
| handler | 0.2% |
| myord | 0.2% |
| myshownums | 0.2% |
| id_site | 0.2% |
| city | 0.2% |
| search_query | 0.2% |
| msg | 0.2% |
| sortby | 0.2% |
| produkti_po_cena | 0.2% |
| produkti_po_ime | 0.2% |
| mode | 0.2% |
| CODE | 0.2% |
| location | 0.2% |
| v | 0.2% |
| order | 0.2% |
| n | 0.2% |
| term | 0.2% |
| start | 0.2% |
| k | 0.2% |
| redirect | 0.2% |
| ref | 0.2% |
| file | 0.2% |
| mebel_id | 0.2% |
| country | 0.2% |
| from | 0.1% |
| r | 0.1% |
| f | 0.1% |
| field%5B%5D | 0.1% |
| searchScope | 0.1% |
| state | 0.1% |
| phone | 0.1% |
| Itemid | 0.1% |
| lng | 0.1% |
| place | 0.1% |
| bedrooms | 0.1% |
| expand | 0.1% |
| e | 0.1% |
| price | 0.1% |
| d | 0.1% |
| path | 0.1% |
| address | 0.1% |
| day | 0.1% |
| display | 0.1% |
| a | 0.1% |
| error | 0.1% |
| form | 0.1% |
| language | 0.1% |
| mls | 0.1% |
| kw | 0.1% |
| u | 0.1% |
This second list is almost the same but with corresponding path :
| Dork | Frequency |
|---|---|
| /?s= | 3.6 |
| /search?q= | 2.5 |
| /index.php?lang= | 0.6 |
| /pplay/info_prenotazioni.asp?immagine= | 0.6 |
| /shared/lgflsearch.php?terms= | 0.5 |
| /index.php?page= | 0.4 |
| /search?query= | 0.4 |
| /en/Telefon-Cam?search= | 0.4 |
| /index.php?bukva= | 0.4 |
| /pro/events_print_setup.cfm?list_type= | 0.3 |
| /pro/events_print_setup.cfm?categoryid= | 0.3 |
| /pro/events_print_setup.cfm?categoryid2= | 0.3 |
| /?eventSearch= | 0.3 |
| /?startTime= | 0.3 |
| /pro/events_ical.cfm?categoryids= | 0.3 |
| /pro/events_ical.cfm?categoryids2= | 0.3 |
| /pro/events_print_setup.cfm?month= | 0.3 |
| /pro/events_print_setup.cfm?year= | 0.3 |
| /pro/events_print_setup.cfm?begindate= | 0.3 |
| /pro/events_print_setup.cfm?enddate= | 0.3 |
| /search?keyword= | 0.3 |
| /?q= | 0.3 |
| /search/?q= | 0.3 |
| /index.php?pn= | 0.3 |
| /?lang= | 0.3 |
| /property/search?uid= | 0.3 |
| /index.php?id= | 0.3 |
| /search?orgId= | 0.3 |
| /products?handler= | 0.2 |
| /pro/events_print_setup.cfm?view= | 0.2 |
| /pro/events_print_setup.cfm?keywords= | 0.2 |
| /?p= | 0.2 |
| /search.php?q= | 0.2 |
| /?search= | 0.2 |
| /pro/minicalendar_detail.cfm?list_type= | 0.2 |
| /index.php?produkti_po_cena= | 0.2 |
| /index.php?produkti_po_ime= | 0.2 |
| /servlet/com.jsbsoft.jtf.core.SG?CODE= | 0.2 |
| /login?redirect_uri= | 0.2 |
| /connexion?redirect_uri= | 0.2 |
| /index.php?action= | 0.2 |
| /plugins/actu/listing_actus-front.php?id_site= | 0.2 |
| /index.php?mebel_id= | 0.2 |
| /search/?search= | 0.2 |
| /news/class/index.php?myshownums= | 0.2 |
| /news/class/index.php?myord= | 0.2 |
| /search.html?searchScope= | 0.1 |
| /search?field%5B%5D= | 0.1 |
| /videos?tag= | 0.1 |
| /videos?place= | 0.1 |
| /videos?search= | 0.1 |
| /?email= | 0.1 |
| /?cat= | 0.1 |
| /content.php?expand= | 0.1 |
| /?page= | 0.1 |
| /search/?s= | 0.1 |
| /?keywords= | 0.1 |
| /search/?keyword= | 0.1 |
| /apps/email/index.jsp?n= | 0.1 |
| /?name= | 0.1 |
| /?sort= | 0.1 |
| /search?search= | 0.1 |
| /pro/minicalendar_print_setup.cfm?begindate= | 0.1 |
| /pro/minicalendar_print_setup.cfm?enddate= | 0.1 |
| /pro/minicalendar_print_setup.cfm?keywords= | 0.1 |
| /search-results?q= | 0.1 |
| /?listingtypeid= | 0.1 |
| /search?s= | 0.1 |
| /pro/minicalendar_print_setup.cfm?categoryid2= | 0.1 |
| /?bathrooms= | 0.1 |
| /?listingagent= | 0.1 |
| /?featuredsearchseourl= | 0.1 |
| /?squarefeet= | 0.1 |
| /?siteid= | 0.1 |
| /?bedrooms= | 0.1 |
| /?featuredsearch= | 0.1 |
| /?price= | 0.1 |
| /?maxbuilt= | 0.1 |
| /?lsid= | 0.1 |
| /?listingtypes= | 0.1 |
| /?garages= | 0.1 |
| /?maxprice= | 0.1 |
| /?minprice= | 0.1 |
| /?keywordsany= | 0.1 |
| /?yearbuilt= | 0.1 |
| /?minbuilt= | 0.1 |
| /?subdivision= | 0.1 |
| /?lotsizeval= | 0.1 |
| /?listingstatusid= | 0.1 |
| /?mls= | 0.1 |
| /firms/?text= | 0.1 |
| /servlet/com.jsbsoft.jtf.core.SG?OBJET= | 0.1 |
| /plan_du_site.php?lang= | 0.1 |
| /index.php?Itemid= | 0.1 |
| /?view= | 0.1 |
| /?t= | 0.1 |
| /?selat= | 0.1 |
| /?selong= | 0.1 |
| /?nwlat= | 0.1 |
| /?geo= | 0.1 |
I hope you enjoy this :)
30.03.2023 
Please login via Twitter to add a recommendation