Security Researcher devl00p | Open Bug Bounty & Full Disclosure

OpenBugBounty.org > Security Researchers > devl00p

devl00p Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile

Security researcher devl00p has already helped fix 1267 vulnerabilities.

Info
Recommendations
Badges
Statistics
Certificate
Blog

Researcher reputation: 240

Real name:
Nicolas Surribas

About me:
I'm a french security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.

How to contact me:
nicolas.surribas 4t gmail d0t com

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Donations:
Paypal paypal.me/devl00p

Follow me on:
Twitter

Recommendations and Acknowledgements

18 January, 2020

damnitjim Aye from Formulation:

Thanks for taking the time to report the weaknesses and really appreciate the wapiti tool that you've developed.

14 January, 2020

Regina0xFFFF Regina from geom:

Thanks Nicolas for reporting me an XSS on my site. Fixed it now!

8 January, 2020

aing3l Ang3l from Lorma Colleges:

Thank you for the report and getting in touch to resolve a vulnerability in one of our sites. Hats off!

7 January, 2020

ChVuagniaux Christophe from inetis:

Thanks to Nicolas for informed us about a vulnerability on one of our website and gived us informations about reproducibility very fast.

3 January, 2020

astroseekcom Petr9 from Astro-Seek.com:

Thank you for informing me about another XSS vulnerability.

3 January, 2020

pavelmusil Pavel Musil from Pavel Musil:

Thank you for your reporting XSS vulnerability.

26 November, 2019

adventurent_ Carlos from adventurent:

Nicolas made us aware of an XSS vulnerability on our site and let us know the issue really fast so we were able to fix it within a short time. Thanks a lot!

21 November, 2019

ponba25 Jayanta Biswas from INK Content, Inc.:

Thank you Nicolas for your research and reporting XSS vulnerability, we have fixed the issue according to your recommendation/research. Could you please check it once. Thanks

11 November, 2019

JosephA44367494 Joseph Anderson from Fashion Institute of Technology:

Special thanks to Nicolas for quickly helping us to patch a vulnerability on our site!

23 October, 2019

astroseekcom Petr9 from Astro-Seek.com:

Thank you for informing me about xss vulnerability.

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites


10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research


WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements


Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch


Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition


REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author


1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	8571
Total reports on VIP sites:	588
Total patched vulnerabilities:	1267
Total vulnerabilities on Hold (Open Bug Bounty):	4655
Recommendations received:	12
Active since:	09.09.2019
Top Security Researcher Awards:	Top Security Researcher of the Month
Top VIP Security Researcher Awards:	Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate

08.01.2020 Top 100 Open Redirect dorks

Just like previous list of XSS dorks but this time for Open Redirect vulnerabilities. First with most common parameters then parameters along with path.

page	19.3%
url	13.1%
ret	10.0%
r2	9.8%
img	7.0%
u	4.4%
return	2.6%
r	2.6%
URL	2.4%
next	2.0%
redirect	2.0%
redirectBack	1.6%
AuthState	1.2%
referer	0.8%
redir	0.8%
l	0.8%
aspxerrorpath	0.6%
image_path	0.6%
ActionCodeURL	0.6%
return_url	0.6%
link	0.6%
q	0.6%
location	0.6%
ReturnUrl	0.6%
uri	0.4%
referrer	0.4%
returnUrl	0.4%
forward	0.4%
file	0.4%
rb	0.4%
end_display	0.4%
urlact	0.4%
from	0.4%
goto	0.4%
path	0.4%
redirect_url	0.4%
old	0.4%
pathlocation	0.2%
successTarget	0.2%
returnURL	0.2%
urlsito	0.2%
newurl	0.2%
Url	0.2%
back	0.2%
retour	0.2%
odkazujuca_linka	0.2%
r_link	0.2%
cur_url	0.2%
H_name	0.2%
ref	0.2%
topic	0.2%
resource	0.2%
returnTo	0.2%
home	0.2%
node	0.2%
sUrl	0.2%
href	0.2%
linkurl	0.2%
returnto	0.2%
redirecturl	0.2%
SL	0.2%
st	0.2%
errorUrl	0.2%
media	0.2%
destination	0.2%
targeturl	0.2%
return_to	0.2%
cancel_url	0.2%
doc	0.2%
GO	0.2%
ReturnTo	0.2%
anything	0.2%
FileName	0.2%
logoutRedirectURL	0.2%
list	0.2%
startUrl	0.2%
service	0.2%
redirect_to	0.2%
end_url	0.2%
_next	0.2%
noSuchEntryRedirect	0.2%
context	0.2%
returnurl	0.2%
ref_url	0.2%

/?page=	18.5
/index.php?ret=	10.0
/analytics/hit.php?r2=	9.8
/api/thumbnail?img=	7.0
/e.html?u=	3.2
/actions/act_continueapplication.cfm?r=	2.4
/redirect2/?url=	2.0
/Shibboleth.sso/Logout?return=	1.2
/ui/clear-selected/?next=	1.2
/Home/Redirect?url=	1.2
/jobs/?l=	0.8
/Error.aspx?aspxerrorpath=	0.6
/r.php?u=	0.6
/services/logo_handler.ashx?image_path=	0.6
/AddProduct.aspx?ActionCodeURL=	0.6
/tools/login/default.asp?page=	0.6
/spip.php?url=	0.6
/usermanagement/mailGeneratedPassword?referer=	0.6
/?return=	0.6
/?redir=	0.6
/simplesaml/module.php/core/loginuserpass.php?AuthState=	0.6
/out.php?url=	0.6
/affiche.php?uri=	0.4
/redirector.php?url=	0.4
/cgi/set_lang?referrer=	0.4
/blog/click?url=	0.4
/site.php?url=	0.4
/download2.php?file=	0.4
/jump.php?url=	0.4
/redirect/?redirect=	0.4
/admin/track/track?redirect=	0.4
/switch.php?rb=	0.4
/php-scripts/form-handler.php?end_display=	0.4
/cg/rk/?url=	0.4
/tosite.php?url=	0.4
/cambioidioma.php?urlact=	0.4
/accueil/spip.php?url=	0.4
/IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack=	0.4
/search?q=	0.4
/default.aspx?URL=	0.4
/initiate-sso-login/?redirect_url=	0.4
/module.php/core/loginuserpass.php?AuthState=	0.4
/authentication/check_login?old=	0.4
/RedirectToDoc.aspx?URL=	0.4
/shop/bannerhit.php?url=	0.4
/acceptcookies/?ReturnUrl=	0.4
/index.php?url=	0.4
/publang?url=	0.2
/home/helperpage?url=	0.2
/widgets.aspx?url=	0.2
/_lang/en?next=	0.2
/application/en?url=	0.2
/common/topcorm.do?pathlocation=	0.2
/main/action?successTarget=	0.2
/Videos/SetCulture?returnURL=	0.2
/Localize/ChangeLang?returnUrl=	0.2
/_goToSite.asp?urlsito=	0.2
/redir?url=	0.2
/admin/auth/logined?redirect=	0.2
/linkforward?forward=	0.2
/modules/babel/redirect.php?newurl=	0.2
/umbraco/Surface/LanguageSurface/ChangeLanguage?Url=	0.2
/langswitcher.php?url=	0.2
/redirect/?url=	0.2
/i18n/i18n_user_currencies/change_currency?back=	0.2
/accessibilite/textBackUp/?retour=	0.2
/fncBox.php?url=	0.2
/all4shop-akcie.php?odkazujuca_linka=	0.2
/openurl.php?url=	0.2
/te3/out.php?u=	0.2
/utils/set_language.html?return_url=	0.2
/trigger.php?r_link=	0.2
/home/lng?cur_url=	0.2
/goto?url=	0.2
/o.php?url=	0.2
/link-master/19/follow?link=	0.2
/hack.php?H_name=	0.2
/bmad/namhoc.php?return=	0.2
/maven/stats.asp?ref=	0.2
/Main/WebHome?topic=	0.2
/bin/fusion/imsLogin?resource=	0.2
/languechange.aspx?url=	0.2
/bloques/bannerclick.php?url=	0.2
/changesiteversion-full?referer=	0.2
/out.php?link=	0.2
/bgpage?r=	0.2
/signout?returnTo=	0.2
/switch_lang.php?return_url=	0.2
/nousername.php?redir=	0.2
/i/logout?return=	0.2
/util_goto_detail_home.cfm?home=	0.2
/misc/oldmenu.html?from=	0.2
/click.php?url=	0.2
/bitrix/rdc/?goto=	0.2
/?node=	0.2
/setLanguage.php?return=	0.2
/redirect/ad?url=	0.2
/redirect.php?sUrl=	0.2
/redirect?url=	0.2
/url?url=	0.2

28.12.2019 Top 100 XSS dorks

It's the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let's update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

Dork	Frequency
q	5.5%
s	4.5%
search	1.9%
id	1.7%
lang	1.4%
keyword	1.2%
query	1.1%
page	1.0%
keywords	0.8%
year	0.8%
view	0.8%
email	0.8%
type	0.7%
name	0.7%
p	0.7%
month	0.6%
immagine	0.6%
list_type	0.5%
url	0.5%
terms	0.5%
categoryid	0.5%
key	0.5%
l	0.5%
begindate	0.4%
enddate	0.4%
categoryid2	0.4%
t	0.4%
cat	0.4%
category	0.4%
action	0.4%
bukva	0.4%
redirect_uri	0.4%
firstname	0.4%
c	0.4%
lastname	0.3%
uid	0.3%
startTime	0.3%
eventSearch	0.3%
categoryids2	0.3%
categoryids	0.3%
sort	0.3%
positiontitle	0.3%
groupid	0.3%
m	0.3%
message	0.3%
tag	0.3%
pn	0.3%
title	0.3%
orgId	0.3%
text	0.3%
handler	0.2%
myord	0.2%
myshownums	0.2%
id_site	0.2%
city	0.2%
search_query	0.2%
msg	0.2%
sortby	0.2%
produkti_po_cena	0.2%
produkti_po_ime	0.2%
mode	0.2%
CODE	0.2%
location	0.2%
v	0.2%
order	0.2%
n	0.2%
term	0.2%
start	0.2%
k	0.2%
redirect	0.2%
ref	0.2%
file	0.2%
mebel_id	0.2%
country	0.2%
from	0.1%
r	0.1%
f	0.1%
field%5B%5D	0.1%
searchScope	0.1%
state	0.1%
phone	0.1%
Itemid	0.1%
lng	0.1%
place	0.1%
bedrooms	0.1%
expand	0.1%
e	0.1%
price	0.1%
d	0.1%
path	0.1%
address	0.1%
day	0.1%
display	0.1%
a	0.1%
error	0.1%
form	0.1%
language	0.1%
mls	0.1%
kw	0.1%
u	0.1%

This second list is almost the same but with corresponding path :

Dork	Frequency
/?s=	3.6
/search?q=	2.5
/index.php?lang=	0.6
/pplay/info_prenotazioni.asp?immagine=	0.6
/shared/lgflsearch.php?terms=	0.5
/index.php?page=	0.4
/search?query=	0.4
/en/Telefon-Cam?search=	0.4
/index.php?bukva=	0.4
/pro/events_print_setup.cfm?list_type=	0.3
/pro/events_print_setup.cfm?categoryid=	0.3
/pro/events_print_setup.cfm?categoryid2=	0.3
/?eventSearch=	0.3
/?startTime=	0.3
/pro/events_ical.cfm?categoryids=	0.3
/pro/events_ical.cfm?categoryids2=	0.3
/pro/events_print_setup.cfm?month=	0.3
/pro/events_print_setup.cfm?year=	0.3
/pro/events_print_setup.cfm?begindate=	0.3
/pro/events_print_setup.cfm?enddate=	0.3
/search?keyword=	0.3
/?q=	0.3
/search/?q=	0.3
/index.php?pn=	0.3
/?lang=	0.3
/property/search?uid=	0.3
/index.php?id=	0.3
/search?orgId=	0.3
/products?handler=	0.2
/pro/events_print_setup.cfm?view=	0.2
/pro/events_print_setup.cfm?keywords=	0.2
/?p=	0.2
/search.php?q=	0.2
/?search=	0.2
/pro/minicalendar_detail.cfm?list_type=	0.2
/index.php?produkti_po_cena=	0.2
/index.php?produkti_po_ime=	0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE=	0.2
/login?redirect_uri=	0.2
/connexion?redirect_uri=	0.2
/index.php?action=	0.2
/plugins/actu/listing_actus-front.php?id_site=	0.2
/index.php?mebel_id=	0.2
/search/?search=	0.2
/news/class/index.php?myshownums=	0.2
/news/class/index.php?myord=	0.2
/search.html?searchScope=	0.1
/search?field%5B%5D=	0.1
/videos?tag=	0.1
/videos?place=	0.1
/videos?search=	0.1
/?email=	0.1
/?cat=	0.1
/content.php?expand=	0.1
/?page=	0.1
/search/?s=	0.1
/?keywords=	0.1
/search/?keyword=	0.1
/apps/email/index.jsp?n=	0.1
/?name=	0.1
/?sort=	0.1
/search?search=	0.1
/pro/minicalendar_print_setup.cfm?begindate=	0.1
/pro/minicalendar_print_setup.cfm?enddate=	0.1
/pro/minicalendar_print_setup.cfm?keywords=	0.1
/search-results?q=	0.1
/?listingtypeid=	0.1
/search?s=	0.1
/pro/minicalendar_print_setup.cfm?categoryid2=	0.1
/?bathrooms=	0.1
/?listingagent=	0.1
/?featuredsearchseourl=	0.1
/?squarefeet=	0.1
/?siteid=	0.1
/?bedrooms=	0.1
/?featuredsearch=	0.1
/?price=	0.1
/?maxbuilt=	0.1
/?lsid=	0.1
/?listingtypes=	0.1
/?garages=	0.1
/?maxprice=	0.1
/?minprice=	0.1
/?keywordsany=	0.1
/?yearbuilt=	0.1
/?minbuilt=	0.1
/?subdivision=	0.1
/?lotsizeval=	0.1
/?listingstatusid=	0.1
/?mls=	0.1
/firms/?text=	0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET=	0.1
/plan_du_site.php?lang=	0.1
/index.php?Itemid=	0.1
/?view=	0.1
/?t=	0.1
/?selat=	0.1
/?selong=	0.1
/?nwlat=	0.1
/?geo=	0.1

I hope you enjoy this :)

Reported Vulnerabilities

All Submissions VIP Submissions Featured Submissions

Domain	Reported	Status	Type
batcam.tv	19.01.2020	On Hold	Improper Access Control
bandicoot.src.gla.ac.uk	19.01.2020	On Hold	Improper Access Control
bananagaming.tv	19.01.2020	On Hold	Improper Access Control
bagard.argetatcivil.fr	19.01.2020	On Hold	Improper Access Control
backtoearth.vic.gov.au	19.01.2020	On Hold	Improper Access Control
backtowork.initiatives.qld.gov...	19.01.2020	On Hold	Improper Access Control
bagels.io	19.01.2020	On Hold	Improper Access Control
aws-kdp-bb.blueworldinc.com	18.01.2020	On Hold	Improper Access Control
avnos.io	18.01.2020	On Hold	Improper Access Control
avia-abcc.ncifcrf.gov	18.01.2020	On Hold	Improper Access Control
avena.io	18.01.2020	On Hold	Improper Access Control
autoridadesdemesas.gob.ar	18.01.2020	On Hold	Improper Access Control
atmos.washington.edu	18.01.2020	On Hold	Improper Access Control
avon.io	18.01.2020	On Hold	Improper Access Control
auth.pikami.org	18.01.2020	On Hold	Improper Access Control
aula-virtual.es	18.01.2020	On Hold	Improper Access Control
atv.canalregional.md	18.01.2020	On Hold	Improper Access Control
astrovaani.live	18.01.2020	On Hold	Improper Access Control
asit.columbia.edu	17.01.2020	On Hold	Improper Access Control
asit-prod-web1.cc.columbia.edu	17.01.2020	On Hold	Improper Access Control

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ... 423 424 425 426

Twitter Login		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Report a Vulnerability
Browse Bug Bounty Programs
Write a Blog Post
Ask a Question

Start a Bug Bounty		HOW IT WORKS Download presentation and learn how our service works PDF, 1MB
Ask a Question
API