.wrapper { display:none; } .footer { display:none; } body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using openbugbounty.org.

2021 © OpenBugBounty

Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For Researchers

Report a Vulnerability Report and help remediate a vulnerability found on any website	Write a Blog Post Write a blog post to share your knowledge and get kudos
Browse Bug Bounty Programs Browse active bug bounty programs run by website owners	Ask a Question Ask questions and share your improvement ideas

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

For Owners

Start a Bug Bounty Start your bug bounty program at no cost and leverage crowd-security testing	Ask a Question Ask questions or let us know how to make Open Bug Bounty even better
API Request National CERTs and law enforcement agencies may request our API

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Hall of Fame

Top Security Researchers They make Web a safer place by reporting and helping remediate vulnerabilities	Acknowledgements Website owners share their experience of collaboration with the researchers

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

About

About the Project Read about Open Bug Bounty history, values and mission	Latest Reports Browse the most recent vulnerability submissions
Contact Us Get in touch

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Forum
Blog

OpenBugBounty.org > Security Researchers > devl00p

devl00p Top VIP Security Researcher Top Security Researcher Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile

Security researcher devl00p has already helped fix 47108 vulnerabilities.

Info
Reports
Recommendations
Badges
Statistics
Certificate
Blog

Researcher reputation: 700

Real name:
Nicolas Surribas

About me:
I'm a french security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.

Why I'm scanning the web for vulnerabilities and how I do it :
https://t.co/Q9KMr2Kdla

Contact email:
nicolas.surribas 4t gmail d0t com

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Donations to help the Wapiti project:
Paypal paypal.me/devl00p

Follow me on:
Twitter

Recommendations and Acknowledgements

@lorenzoherrera

14 September, 2020

lorenzoherrera Loren from Photolancers:

Thanks devl00p for your kind report! We found an XSS bug and been able to solve it thanks to your help. Cheers!

28 August, 2020

MitsuhashiN Nobutaka Mitsuhashi from NBDC:

Thanks to your kindness, I was able to fix the XSS vulnerability on our site very quickly. Thank you very much.

1 March, 2021

CERT_rlp CERT-rlp from CERT-rlp:

The team of CERT-rlp would like to thank devl00p for a responsible and coordinated disclosure of XSS vulnerabilities

23 February, 2021

simondale101 Simon Dale from theCrag:

Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)

23 February, 2021

simondale101 Simon Dale from theCrag:

Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)

23 February, 2021

simondale101 Simon Dale from theCrag:

Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)

23 February, 2021

simondale101 Simon Dale from theCrag:

Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)

23 February, 2021

simondale101 Simon Dale from theCrag:

Thanks for finding the XSS Bug, which was pretty obscure. I appreciate your responsiveness on the issue :)

22 February, 2021

KoMaXX Matthias from matthiasschicker.de:

Thank you devl00p for finding that XSS vulnerability on my site and making the world better for all of us!

2 February, 2021

CERT_rlp CERT-rlp from CERT-rlp:

The team of CERT-rlp would like to thank devl00p for a responsible and coordinated disclosure of XSS vulnerabilities

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites


10+ Websites	50+ Websites	500+ Websites	WEB SECURITY VETERAN 1000+ Websites

Advanced Security Research


WAF Bypasser	CSRF Master 30+ Reports	AppSec Logic Master 30+ Reports	Fastest Fix Fix in 24 hours

Outstanding Achievements


Secured OBB	OBB Advocate	Improved OBB

Commitment to Remediate and Patch


Patch Master 55% Patched	Patch Guru 65% Patched	Patch Lord 75% Patched

Recommendations and Recognition


REPUTABLE 10+ Recommends	FAMOUS 25+ Recommends	GLOBALLY TRUSTED 50+ Recommends

Distinguished Blog Author


1 Post	3 Posts	5+ Posts

Research Statistics

Total reports:	177729
Total reports on VIP sites:	4521
Total patched vulnerabilities:	47108
Total vulnerabilities on Hold (Open Bug Bounty):	21974
Recommendations received:	36
Active since:	09.09.2019
Top Security Researcher Awards:	The Top Security Researcher Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month Top Security Researcher of the Month
Top VIP Security Researcher Awards:	The VIP Top Security Researcher Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate

Researcher Certificate

Reported Vulnerabilities

All Submissions VIP Submissions Featured Submissions

08.01.2020 Top 100 Open Redirect dorks

Just like previous list of XSS dorks but this time for Open Redirect vulnerabilities. First with most common parameters then parameters along with path.

page	19.3%
url	13.1%
ret	10.0%
r2	9.8%
img	7.0%
u	4.4%
return	2.6%
r	2.6%
URL	2.4%
next	2.0%
redirect	2.0%
redirectBack	1.6%
AuthState	1.2%
referer	0.8%
redir	0.8%
l	0.8%
aspxerrorpath	0.6%
image_path	0.6%
ActionCodeURL	0.6%
return_url	0.6%
link	0.6%
q	0.6%
location	0.6%
ReturnUrl	0.6%
uri	0.4%
referrer	0.4%
returnUrl	0.4%
forward	0.4%
file	0.4%
rb	0.4%
end_display	0.4%
urlact	0.4%
from	0.4%
goto	0.4%
path	0.4%
redirect_url	0.4%
old	0.4%
pathlocation	0.2%
successTarget	0.2%
returnURL	0.2%
urlsito	0.2%
newurl	0.2%
Url	0.2%
back	0.2%
retour	0.2%
odkazujuca_linka	0.2%
r_link	0.2%
cur_url	0.2%
H_name	0.2%
ref	0.2%
topic	0.2%
resource	0.2%
returnTo	0.2%
home	0.2%
node	0.2%
sUrl	0.2%
href	0.2%
linkurl	0.2%
returnto	0.2%
redirecturl	0.2%
SL	0.2%
st	0.2%
errorUrl	0.2%
media	0.2%
destination	0.2%
targeturl	0.2%
return_to	0.2%
cancel_url	0.2%
doc	0.2%
GO	0.2%
ReturnTo	0.2%
anything	0.2%
FileName	0.2%
logoutRedirectURL	0.2%
list	0.2%
startUrl	0.2%
service	0.2%
redirect_to	0.2%
end_url	0.2%
_next	0.2%
noSuchEntryRedirect	0.2%
context	0.2%
returnurl	0.2%
ref_url	0.2%

/?page=	18.5
/index.php?ret=	10.0
/analytics/hit.php?r2=	9.8
/api/thumbnail?img=	7.0
/e.html?u=	3.2
/actions/act_continueapplication.cfm?r=	2.4
/redirect2/?url=	2.0
/Shibboleth.sso/Logout?return=	1.2
/ui/clear-selected/?next=	1.2
/Home/Redirect?url=	1.2
/jobs/?l=	0.8
/Error.aspx?aspxerrorpath=	0.6
/r.php?u=	0.6
/services/logo_handler.ashx?image_path=	0.6
/AddProduct.aspx?ActionCodeURL=	0.6
/tools/login/default.asp?page=	0.6
/spip.php?url=	0.6
/usermanagement/mailGeneratedPassword?referer=	0.6
/?return=	0.6
/?redir=	0.6
/simplesaml/module.php/core/loginuserpass.php?AuthState=	0.6
/out.php?url=	0.6
/affiche.php?uri=	0.4
/redirector.php?url=	0.4
/cgi/set_lang?referrer=	0.4
/blog/click?url=	0.4
/site.php?url=	0.4
/download2.php?file=	0.4
/jump.php?url=	0.4
/redirect/?redirect=	0.4
/admin/track/track?redirect=	0.4
/switch.php?rb=	0.4
/php-scripts/form-handler.php?end_display=	0.4
/cg/rk/?url=	0.4
/tosite.php?url=	0.4
/cambioidioma.php?urlact=	0.4
/accueil/spip.php?url=	0.4
/IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack=	0.4
/search?q=	0.4
/default.aspx?URL=	0.4
/initiate-sso-login/?redirect_url=	0.4
/module.php/core/loginuserpass.php?AuthState=	0.4
/authentication/check_login?old=	0.4
/RedirectToDoc.aspx?URL=	0.4
/shop/bannerhit.php?url=	0.4
/acceptcookies/?ReturnUrl=	0.4
/index.php?url=	0.4
/publang?url=	0.2
/home/helperpage?url=	0.2
/widgets.aspx?url=	0.2
/_lang/en?next=	0.2
/application/en?url=	0.2
/common/topcorm.do?pathlocation=	0.2
/main/action?successTarget=	0.2
/Videos/SetCulture?returnURL=	0.2
/Localize/ChangeLang?returnUrl=	0.2
/_goToSite.asp?urlsito=	0.2
/redir?url=	0.2
/admin/auth/logined?redirect=	0.2
/linkforward?forward=	0.2
/modules/babel/redirect.php?newurl=	0.2
/umbraco/Surface/LanguageSurface/ChangeLanguage?Url=	0.2
/langswitcher.php?url=	0.2
/redirect/?url=	0.2
/i18n/i18n_user_currencies/change_currency?back=	0.2
/accessibilite/textBackUp/?retour=	0.2
/fncBox.php?url=	0.2
/all4shop-akcie.php?odkazujuca_linka=	0.2
/openurl.php?url=	0.2
/te3/out.php?u=	0.2
/utils/set_language.html?return_url=	0.2
/trigger.php?r_link=	0.2
/home/lng?cur_url=	0.2
/goto?url=	0.2
/o.php?url=	0.2
/link-master/19/follow?link=	0.2
/hack.php?H_name=	0.2
/bmad/namhoc.php?return=	0.2
/maven/stats.asp?ref=	0.2
/Main/WebHome?topic=	0.2
/bin/fusion/imsLogin?resource=	0.2
/languechange.aspx?url=	0.2
/bloques/bannerclick.php?url=	0.2
/changesiteversion-full?referer=	0.2
/out.php?link=	0.2
/bgpage?r=	0.2
/signout?returnTo=	0.2
/switch_lang.php?return_url=	0.2
/nousername.php?redir=	0.2
/i/logout?return=	0.2
/util_goto_detail_home.cfm?home=	0.2
/misc/oldmenu.html?from=	0.2
/click.php?url=	0.2
/bitrix/rdc/?goto=	0.2
/?node=	0.2
/setLanguage.php?return=	0.2
/redirect/ad?url=	0.2
/redirect.php?sUrl=	0.2
/redirect?url=	0.2
/url?url=	0.2

28.12.2019 Top 100 XSS dorks

It's the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let's update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

Dork	Frequency
q	5.5%
s	4.5%
search	1.9%
id	1.7%
lang	1.4%
keyword	1.2%
query	1.1%
page	1.0%
keywords	0.8%
year	0.8%
view	0.8%
email	0.8%
type	0.7%
name	0.7%
p	0.7%
month	0.6%
immagine	0.6%
list_type	0.5%
url	0.5%
terms	0.5%
categoryid	0.5%
key	0.5%
l	0.5%
begindate	0.4%
enddate	0.4%
categoryid2	0.4%
t	0.4%
cat	0.4%
category	0.4%
action	0.4%
bukva	0.4%
redirect_uri	0.4%
firstname	0.4%
c	0.4%
lastname	0.3%
uid	0.3%
startTime	0.3%
eventSearch	0.3%
categoryids2	0.3%
categoryids	0.3%
sort	0.3%
positiontitle	0.3%
groupid	0.3%
m	0.3%
message	0.3%
tag	0.3%
pn	0.3%
title	0.3%
orgId	0.3%
text	0.3%
handler	0.2%
myord	0.2%
myshownums	0.2%
id_site	0.2%
city	0.2%
search_query	0.2%
msg	0.2%
sortby	0.2%
produkti_po_cena	0.2%
produkti_po_ime	0.2%
mode	0.2%
CODE	0.2%
location	0.2%
v	0.2%
order	0.2%
n	0.2%
term	0.2%
start	0.2%
k	0.2%
redirect	0.2%
ref	0.2%
file	0.2%
mebel_id	0.2%
country	0.2%
from	0.1%
r	0.1%
f	0.1%
field%5B%5D	0.1%
searchScope	0.1%
state	0.1%
phone	0.1%
Itemid	0.1%
lng	0.1%
place	0.1%
bedrooms	0.1%
expand	0.1%
e	0.1%
price	0.1%
d	0.1%
path	0.1%
address	0.1%
day	0.1%
display	0.1%
a	0.1%
error	0.1%
form	0.1%
language	0.1%
mls	0.1%
kw	0.1%
u	0.1%

This second list is almost the same but with corresponding path :

Dork	Frequency
/?s=	3.6
/search?q=	2.5
/index.php?lang=	0.6
/pplay/info_prenotazioni.asp?immagine=	0.6
/shared/lgflsearch.php?terms=	0.5
/index.php?page=	0.4
/search?query=	0.4
/en/Telefon-Cam?search=	0.4
/index.php?bukva=	0.4
/pro/events_print_setup.cfm?list_type=	0.3
/pro/events_print_setup.cfm?categoryid=	0.3
/pro/events_print_setup.cfm?categoryid2=	0.3
/?eventSearch=	0.3
/?startTime=	0.3
/pro/events_ical.cfm?categoryids=	0.3
/pro/events_ical.cfm?categoryids2=	0.3
/pro/events_print_setup.cfm?month=	0.3
/pro/events_print_setup.cfm?year=	0.3
/pro/events_print_setup.cfm?begindate=	0.3
/pro/events_print_setup.cfm?enddate=	0.3
/search?keyword=	0.3
/?q=	0.3
/search/?q=	0.3
/index.php?pn=	0.3
/?lang=	0.3
/property/search?uid=	0.3
/index.php?id=	0.3
/search?orgId=	0.3
/products?handler=	0.2
/pro/events_print_setup.cfm?view=	0.2
/pro/events_print_setup.cfm?keywords=	0.2
/?p=	0.2
/search.php?q=	0.2
/?search=	0.2
/pro/minicalendar_detail.cfm?list_type=	0.2
/index.php?produkti_po_cena=	0.2
/index.php?produkti_po_ime=	0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE=	0.2
/login?redirect_uri=	0.2
/connexion?redirect_uri=	0.2
/index.php?action=	0.2
/plugins/actu/listing_actus-front.php?id_site=	0.2
/index.php?mebel_id=	0.2
/search/?search=	0.2
/news/class/index.php?myshownums=	0.2
/news/class/index.php?myord=	0.2
/search.html?searchScope=	0.1
/search?field%5B%5D=	0.1
/videos?tag=	0.1
/videos?place=	0.1
/videos?search=	0.1
/?email=	0.1
/?cat=	0.1
/content.php?expand=	0.1
/?page=	0.1
/search/?s=	0.1
/?keywords=	0.1
/search/?keyword=	0.1
/apps/email/index.jsp?n=	0.1
/?name=	0.1
/?sort=	0.1
/search?search=	0.1
/pro/minicalendar_print_setup.cfm?begindate=	0.1
/pro/minicalendar_print_setup.cfm?enddate=	0.1
/pro/minicalendar_print_setup.cfm?keywords=	0.1
/search-results?q=	0.1
/?listingtypeid=	0.1
/search?s=	0.1
/pro/minicalendar_print_setup.cfm?categoryid2=	0.1
/?bathrooms=	0.1
/?listingagent=	0.1
/?featuredsearchseourl=	0.1
/?squarefeet=	0.1
/?siteid=	0.1
/?bedrooms=	0.1
/?featuredsearch=	0.1
/?price=	0.1
/?maxbuilt=	0.1
/?lsid=	0.1
/?listingtypes=	0.1
/?garages=	0.1
/?maxprice=	0.1
/?minprice=	0.1
/?keywordsany=	0.1
/?yearbuilt=	0.1
/?minbuilt=	0.1
/?subdivision=	0.1
/?lotsizeval=	0.1
/?listingstatusid=	0.1
/?mls=	0.1
/firms/?text=	0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET=	0.1
/plan_du_site.php?lang=	0.1
/index.php?Itemid=	0.1
/?view=	0.1
/?t=	0.1
/?selat=	0.1
/?selong=	0.1
/?nwlat=	0.1
/?geo=	0.1

I hope you enjoy this :)

Latest Patched

21.04.2021 prensaescrita.com

21.04.2021 1click.ws

21.04.2021 langitfilm.me

21.04.2021 herbalife.am

20.04.2021 avizo.me

20.04.2021 onex.am

20.04.2021 kaldo.am

20.04.2021 checkchick.me

20.04.2021 dramaqu.website

20.04.2021 newharmony-in.gov

Latest Blog Posts

11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

28.03.2021 by febin_rev
Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892

10.02.2021 by Renzi25031469
Sysadminotaur nº88

10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard

25.12.2020 by _Y000_
How to bypass mod_security (WAF)

Recent Recommendations

@MrMoney84315336

16 April, 2021

MrMoney84315336:

Serious, fast and professional.Thanks for the report.

@lmanunza

15 April, 2021

The Researcher found an XSS vulnerability in our site and acted ethically by reporting it to us, so we could fix it in a timely manner. Thank you!

@studentdoctor

14 April, 2021

Rngdr4 is an absolute professional. Very helpful in finding and helping to resolve our bug. Highly recommended! Thanks, rngdr4!

@lmanunza

13 April, 2021

Pooja found an XSS vulnerability in our website and acted ethically by reporting it to us, as well as providing all the information we needed to reproduce and fix the issue in a timely manner. Thank you very much!

@MrMoney84315336

13 April, 2021

MrMoney84315336:

Thank you for reporting the XSS issue.
Thanks to the detailed report, we were able to fix the problem on the same day.

Making Web a Safer Place

Coordinated & Responsible Disclosure

Based on ISO 29147 Guidelines

Terms & Privacy
2021 © OpenBugBounty