devl00p | Security Researcher Profile
Security researcher devl00p has already helped fix 92849 vulnerabilities.
Researcher reputation: 720
Real name:
Nicolas Surribas
About me:
I'm a French security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.
Why I'm scanning the web for vulnerabilities and how I do it:
https://t.co/Q9KMr2Kdla
Contact email:
nicolas.surribas 4t gmail d0t com
Experience in Application Security
over 5 years
Award / Bug Bounty I prefer:
Donations to help the Wapiti project:
Paypal paypal.me/devl00p
Follow me on:
Twitter
Ethics and Rules:
Nicolas Surribas is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.
Recommendations and Acknowledgements
Thanks devl00p for your kind report! We found an XSS bug and were able to solve it thanks to your help. Cheers!
Thanks to your kindness, I was able to fix the XSS vulnerability on our site very quickly. Thank you very much.
Thanks devl00p for reporting XSS vulnerabilities on our customers' websites. Keep up the good work, helps us a lot!
The team of CERT-rlp would like to thank devl00p for a responsible and coordinated disclosure of XSS vulnerabilities.
Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)
Thank you devl00p for finding that XSS vulnerability on my site and making the world better for all of us!
Honor Badges
Number of Secured Websites: 10+ Websites; 50+ Websites; 500+ Websites; WEB SECURITY VETERAN (1000+ Websites)
Advanced Security Research: WAF Bypasser; CSRF Master (30+ Reports); AppSec Logic Master (30+ Reports); Fastest Fix (Fix in 24 hours)
Outstanding Achievements: Secured OBB; OBB Advocate; Improved OBB
Commitment to Remediate and Patch: Patch Master (55% Patched); Patch Guru (65% Patched); Patch Lord (75% Patched)
Recommendations and Recognition: REPUTABLE (10+ Recommends); FAMOUS (25+ Recommends); GLOBALLY TRUSTED (50+ Recommends)
Distinguished Blog Author: 1 Post; 3 Posts; 5+ Posts
Research Statistics
Total reports: 186366
Total reports on VIP sites: 10863
Total patched vulnerabilities: 92849
Recommendations received: 37
Active since: 09.09.2019
Top Security Researcher Awards: Top Security Researcher; Top Security Researcher of the Month (awarded multiple times)
Top VIP Security Researcher Awards: Top VIP Security Researcher; Top VIP Security Researcher of the Month (awarded multiple times); Top VIP Security Researcher of the Week (awarded multiple times)
08.01.2020 Top 100 Open Redirect dorks
Just like the previous list of XSS dorks, but this time for Open Redirect vulnerabilities. First the most common parameters, then the parameters along with their path.
Dork | Frequency |
---|---|
page | 19.3% |
url | 13.1% |
ret | 10.0% |
r2 | 9.8% |
img | 7.0% |
u | 4.4% |
return | 2.6% |
r | 2.6% |
URL | 2.4% |
next | 2.0% |
redirect | 2.0% |
redirectBack | 1.6% |
AuthState | 1.2% |
referer | 0.8% |
redir | 0.8% |
l | 0.8% |
aspxerrorpath | 0.6% |
image_path | 0.6% |
ActionCodeURL | 0.6% |
return_url | 0.6% |
link | 0.6% |
q | 0.6% |
location | 0.6% |
ReturnUrl | 0.6% |
uri | 0.4% |
referrer | 0.4% |
returnUrl | 0.4% |
forward | 0.4% |
file | 0.4% |
rb | 0.4% |
end_display | 0.4% |
urlact | 0.4% |
from | 0.4% |
goto | 0.4% |
path | 0.4% |
redirect_url | 0.4% |
old | 0.4% |
pathlocation | 0.2% |
successTarget | 0.2% |
returnURL | 0.2% |
urlsito | 0.2% |
newurl | 0.2% |
Url | 0.2% |
back | 0.2% |
retour | 0.2% |
odkazujuca_linka | 0.2% |
r_link | 0.2% |
cur_url | 0.2% |
H_name | 0.2% |
ref | 0.2% |
topic | 0.2% |
resource | 0.2% |
returnTo | 0.2% |
home | 0.2% |
node | 0.2% |
sUrl | 0.2% |
href | 0.2% |
linkurl | 0.2% |
returnto | 0.2% |
redirecturl | 0.2% |
SL | 0.2% |
st | 0.2% |
errorUrl | 0.2% |
media | 0.2% |
destination | 0.2% |
targeturl | 0.2% |
return_to | 0.2% |
cancel_url | 0.2% |
doc | 0.2% |
GO | 0.2% |
ReturnTo | 0.2% |
anything | 0.2% |
FileName | 0.2% |
logoutRedirectURL | 0.2% |
list | 0.2% |
startUrl | 0.2% |
service | 0.2% |
redirect_to | 0.2% |
end_url | 0.2% |
_next | 0.2% |
noSuchEntryRedirect | 0.2% |
context | 0.2% |
returnurl | 0.2% |
ref_url | 0.2% |
Dork | Frequency |
---|---|
/?page= | 18.5 |
/index.php?ret= | 10.0 |
/analytics/hit.php?r2= | 9.8 |
/api/thumbnail?img= | 7.0 |
/e.html?u= | 3.2 |
/actions/act_continueapplication.cfm?r= | 2.4 |
/redirect2/?url= | 2.0 |
/Shibboleth.sso/Logout?return= | 1.2 |
/ui/clear-selected/?next= | 1.2 |
/Home/Redirect?url= | 1.2 |
/jobs/?l= | 0.8 |
/Error.aspx?aspxerrorpath= | 0.6 |
/r.php?u= | 0.6 |
/services/logo_handler.ashx?image_path= | 0.6 |
/AddProduct.aspx?ActionCodeURL= | 0.6 |
/tools/login/default.asp?page= | 0.6 |
/spip.php?url= | 0.6 |
/usermanagement/mailGeneratedPassword?referer= | 0.6 |
/?return= | 0.6 |
/?redir= | 0.6 |
/simplesaml/module.php/core/loginuserpass.php?AuthState= | 0.6 |
/out.php?url= | 0.6 |
/affiche.php?uri= | 0.4 |
/redirector.php?url= | 0.4 |
/cgi/set_lang?referrer= | 0.4 |
/blog/click?url= | 0.4 |
/site.php?url= | 0.4 |
/download2.php?file= | 0.4 |
/jump.php?url= | 0.4 |
/redirect/?redirect= | 0.4 |
/admin/track/track?redirect= | 0.4 |
/switch.php?rb= | 0.4 |
/php-scripts/form-handler.php?end_display= | 0.4 |
/cg/rk/?url= | 0.4 |
/tosite.php?url= | 0.4 |
/cambioidioma.php?urlact= | 0.4 |
/accueil/spip.php?url= | 0.4 |
/IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack= | 0.4 |
/search?q= | 0.4 |
/default.aspx?URL= | 0.4 |
/initiate-sso-login/?redirect_url= | 0.4 |
/module.php/core/loginuserpass.php?AuthState= | 0.4 |
/authentication/check_login?old= | 0.4 |
/RedirectToDoc.aspx?URL= | 0.4 |
/shop/bannerhit.php?url= | 0.4 |
/acceptcookies/?ReturnUrl= | 0.4 |
/index.php?url= | 0.4 |
/publang?url= | 0.2 |
/home/helperpage?url= | 0.2 |
/widgets.aspx?url= | 0.2 |
/_lang/en?next= | 0.2 |
/application/en?url= | 0.2 |
/common/topcorm.do?pathlocation= | 0.2 |
/main/action?successTarget= | 0.2 |
/Videos/SetCulture?returnURL= | 0.2 |
/Localize/ChangeLang?returnUrl= | 0.2 |
/_goToSite.asp?urlsito= | 0.2 |
/redir?url= | 0.2 |
/admin/auth/logined?redirect= | 0.2 |
/linkforward?forward= | 0.2 |
/modules/babel/redirect.php?newurl= | 0.2 |
/umbraco/Surface/LanguageSurface/ChangeLanguage?Url= | 0.2 |
/langswitcher.php?url= | 0.2 |
/redirect/?url= | 0.2 |
/i18n/i18n_user_currencies/change_currency?back= | 0.2 |
/accessibilite/textBackUp/?retour= | 0.2 |
/fncBox.php?url= | 0.2 |
/all4shop-akcie.php?odkazujuca_linka= | 0.2 |
/openurl.php?url= | 0.2 |
/te3/out.php?u= | 0.2 |
/utils/set_language.html?return_url= | 0.2 |
/trigger.php?r_link= | 0.2 |
/home/lng?cur_url= | 0.2 |
/goto?url= | 0.2 |
/o.php?url= | 0.2 |
/link-master/19/follow?link= | 0.2 |
/hack.php?H_name= | 0.2 |
/bmad/namhoc.php?return= | 0.2 |
/maven/stats.asp?ref= | 0.2 |
/Main/WebHome?topic= | 0.2 |
/bin/fusion/imsLogin?resource= | 0.2 |
/languechange.aspx?url= | 0.2 |
/bloques/bannerclick.php?url= | 0.2 |
/changesiteversion-full?referer= | 0.2 |
/out.php?link= | 0.2 |
/bgpage?r= | 0.2 |
/signout?returnTo= | 0.2 |
/switch_lang.php?return_url= | 0.2 |
/nousername.php?redir= | 0.2 |
/i/logout?return= | 0.2 |
/util_goto_detail_home.cfm?home= | 0.2 |
/misc/oldmenu.html?from= | 0.2 |
/click.php?url= | 0.2 |
/bitrix/rdc/?goto= | 0.2 |
/?node= | 0.2 |
/setLanguage.php?return= | 0.2 |
/redirect/ad?url= | 0.2 |
/redirect.php?sUrl= | 0.2 |
/redirect?url= | 0.2 |
/url?url= | 0.2 |
28.12.2019 Top 100 XSS dorks
It's the end of the year and a good time to share things with people. After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerable parameters.
It can be used as a powerful dork list, so update your scanners and get bounties!
First here is the list of most vulnerable parameters along with their frequency.
Dork | Frequency |
---|---|
q | 5.5% |
s | 4.5% |
search | 1.9% |
id | 1.7% |
lang | 1.4% |
keyword | 1.2% |
query | 1.1% |
page | 1.0% |
keywords | 0.8% |
year | 0.8% |
view | 0.8% |
0.8% | |
type | 0.7% |
name | 0.7% |
p | 0.7% |
month | 0.6% |
immagine | 0.6% |
list_type | 0.5% |
url | 0.5% |
terms | 0.5% |
categoryid | 0.5% |
key | 0.5% |
l | 0.5% |
begindate | 0.4% |
enddate | 0.4% |
categoryid2 | 0.4% |
t | 0.4% |
cat | 0.4% |
category | 0.4% |
action | 0.4% |
bukva | 0.4% |
redirect_uri | 0.4% |
firstname | 0.4% |
c | 0.4% |
lastname | 0.3% |
uid | 0.3% |
startTime | 0.3% |
eventSearch | 0.3% |
categoryids2 | 0.3% |
categoryids | 0.3% |
sort | 0.3% |
positiontitle | 0.3% |
groupid | 0.3% |
m | 0.3% |
message | 0.3% |
tag | 0.3% |
pn | 0.3% |
title | 0.3% |
orgId | 0.3% |
text | 0.3% |
handler | 0.2% |
myord | 0.2% |
myshownums | 0.2% |
id_site | 0.2% |
city | 0.2% |
search_query | 0.2% |
msg | 0.2% |
sortby | 0.2% |
produkti_po_cena | 0.2% |
produkti_po_ime | 0.2% |
mode | 0.2% |
CODE | 0.2% |
location | 0.2% |
v | 0.2% |
order | 0.2% |
n | 0.2% |
term | 0.2% |
start | 0.2% |
k | 0.2% |
redirect | 0.2% |
ref | 0.2% |
file | 0.2% |
mebel_id | 0.2% |
country | 0.2% |
from | 0.1% |
r | 0.1% |
f | 0.1% |
field%5B%5D | 0.1% |
searchScope | 0.1% |
state | 0.1% |
phone | 0.1% |
Itemid | 0.1% |
lng | 0.1% |
place | 0.1% |
bedrooms | 0.1% |
expand | 0.1% |
e | 0.1% |
price | 0.1% |
d | 0.1% |
path | 0.1% |
address | 0.1% |
day | 0.1% |
display | 0.1% |
a | 0.1% |
error | 0.1% |
form | 0.1% |
language | 0.1% |
mls | 0.1% |
kw | 0.1% |
u | 0.1% |
This second list is almost the same, but with the corresponding path:
Dork | Frequency |
---|---|
/?s= | 3.6 |
/search?q= | 2.5 |
/index.php?lang= | 0.6 |
/pplay/info_prenotazioni.asp?immagine= | 0.6 |
/shared/lgflsearch.php?terms= | 0.5 |
/index.php?page= | 0.4 |
/search?query= | 0.4 |
/en/Telefon-Cam?search= | 0.4 |
/index.php?bukva= | 0.4 |
/pro/events_print_setup.cfm?list_type= | 0.3 |
/pro/events_print_setup.cfm?categoryid= | 0.3 |
/pro/events_print_setup.cfm?categoryid2= | 0.3 |
/?eventSearch= | 0.3 |
/?startTime= | 0.3 |
/pro/events_ical.cfm?categoryids= | 0.3 |
/pro/events_ical.cfm?categoryids2= | 0.3 |
/pro/events_print_setup.cfm?month= | 0.3 |
/pro/events_print_setup.cfm?year= | 0.3 |
/pro/events_print_setup.cfm?begindate= | 0.3 |
/pro/events_print_setup.cfm?enddate= | 0.3 |
/search?keyword= | 0.3 |
/?q= | 0.3 |
/search/?q= | 0.3 |
/index.php?pn= | 0.3 |
/?lang= | 0.3 |
/property/search?uid= | 0.3 |
/index.php?id= | 0.3 |
/search?orgId= | 0.3 |
/products?handler= | 0.2 |
/pro/events_print_setup.cfm?view= | 0.2 |
/pro/events_print_setup.cfm?keywords= | 0.2 |
/?p= | 0.2 |
/search.php?q= | 0.2 |
/?search= | 0.2 |
/pro/minicalendar_detail.cfm?list_type= | 0.2 |
/index.php?produkti_po_cena= | 0.2 |
/index.php?produkti_po_ime= | 0.2 |
/servlet/com.jsbsoft.jtf.core.SG?CODE= | 0.2 |
/login?redirect_uri= | 0.2 |
/connexion?redirect_uri= | 0.2 |
/index.php?action= | 0.2 |
/plugins/actu/listing_actus-front.php?id_site= | 0.2 |
/index.php?mebel_id= | 0.2 |
/search/?search= | 0.2 |
/news/class/index.php?myshownums= | 0.2 |
/news/class/index.php?myord= | 0.2 |
/search.html?searchScope= | 0.1 |
/search?field%5B%5D= | 0.1 |
/videos?tag= | 0.1 |
/videos?place= | 0.1 |
/videos?search= | 0.1 |
/?email= | 0.1 |
/?cat= | 0.1 |
/content.php?expand= | 0.1 |
/?page= | 0.1 |
/search/?s= | 0.1 |
/?keywords= | 0.1 |
/search/?keyword= | 0.1 |
/apps/email/index.jsp?n= | 0.1 |
/?name= | 0.1 |
/?sort= | 0.1 |
/search?search= | 0.1 |
/pro/minicalendar_print_setup.cfm?begindate= | 0.1 |
/pro/minicalendar_print_setup.cfm?enddate= | 0.1 |
/pro/minicalendar_print_setup.cfm?keywords= | 0.1 |
/search-results?q= | 0.1 |
/?listingtypeid= | 0.1 |
/search?s= | 0.1 |
/pro/minicalendar_print_setup.cfm?categoryid2= | 0.1 |
/?bathrooms= | 0.1 |
/?listingagent= | 0.1 |
/?featuredsearchseourl= | 0.1 |
/?squarefeet= | 0.1 |
/?siteid= | 0.1 |
/?bedrooms= | 0.1 |
/?featuredsearch= | 0.1 |
/?price= | 0.1 |
/?maxbuilt= | 0.1 |
/?lsid= | 0.1 |
/?listingtypes= | 0.1 |
/?garages= | 0.1 |
/?maxprice= | 0.1 |
/?minprice= | 0.1 |
/?keywordsany= | 0.1 |
/?yearbuilt= | 0.1 |
/?minbuilt= | 0.1 |
/?subdivision= | 0.1 |
/?lotsizeval= | 0.1 |
/?listingstatusid= | 0.1 |
/?mls= | 0.1 |
/firms/?text= | 0.1 |
/servlet/com.jsbsoft.jtf.core.SG?OBJET= | 0.1 |
/plan_du_site.php?lang= | 0.1 |
/index.php?Itemid= | 0.1 |
/?view= | 0.1 |
/?t= | 0.1 |
/?selat= | 0.1 |
/?selong= | 0.1 |
/?nwlat= | 0.1 |
/?geo= | 0.1 |
I hope you enjoy this :)