Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
639,509 coordinated disclosures
406,323 fixed vulnerabilities
958 bug bounties with 1,915 websites
19,215 researchers, 1211 honor badges

devl00pTop-50 VIP XSS Researcher Top VIP Security ResearcherTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher devl00p has already helped fix 13714 vulnerabilities.



Researcher reputation:  540

Real name:
Nicolas Surribas

About me:
I'm a french security researcher.
I'm also the creator of Wapiti, the open-source web vulnerability scanner.

Why I'm scanning the web for vulnerabilities and how I do it :
https://t.co/Q9KMr2Kdla

How to contact me:
nicolas.surribas 4t gmail d0t com

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Donations to help the Wapiti project:
Paypal paypal.me/devl00p

Follow me on:
Twitter

Recommendations and Acknowledgements

@lorenzoherrera     14 September, 2020
    Twitter lorenzoherrera Loren from Photolancers:
Thanks devl00p for your kind report! We found an XSS bug and been able to solve it thanks to your help. Cheers!
@MitsuhashiN     28 August, 2020
    Twitter MitsuhashiN Nobutaka Mitsuhashi from NBDC:
Thanks to your kindness, I was able to fix the XSS vulnerability on our site very quickly. Thank you very much.
@AsictSoc     18 November, 2020
    Twitter AsictSoc Security Operation Center from Politecnico di Milano:
Dear devl00p,

the SOC of Politecnico di Milano would like to thank you for disclosing us multiple XSS vulnerabilities on our infrastructure.
@chukaio     13 November, 2020
    Twitter chukaio chukaio from CHUKAIO:
Thank you very much for finding XSS bug.
You correspond to a contact from me politely each time, and I thank.
I had a wonderful person find it, but I was lucky.
@duncanespiga     11 November, 2020
    Twitter duncanespiga Duncan Espiga from CEPA:
Quick, informative and friendly response. Thanks!
@pk_12397     11 November, 2020
    Twitter pk_12397 lozan from freelance:
whatever you can recommend
@pk_12397     11 November, 2020
    Twitter pk_12397 lozan from freelance:
whatever you can recommend
@SNTech2     4 November, 2020
    Twitter SNTech2 Steve from Sharenet:
Many thanks for reporting the bug and providing us with all the information required to patch it.
@Jobe1986     28 October, 2020
    Twitter Jobe1986 Matthew from CollectiveIRC:
Thank you for your efforts and reporting the XSS vulnerability you found on my website.
@EricLucas_     16 September, 2020
    Twitter EricLucas_ Lucas from IARC:
Thanks to devl00p (Nicolas) for your kind alert notification and identification of the XSS bug!
Bug fixed now! Thanks for your help and support!

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:118139
Total reports on VIP sites:2743
Total patched vulnerabilities:13714
Total vulnerabilities on Hold (Open Bug Bounty):92605
Recommendations received:27
Active since:09.09.2019
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: The VIP Top Security Researcher Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate

08.01.2020  Top 100 Open Redirect dorks

Just like previous list of XSS dorks but this time for Open Redirect vulnerabilities. First with most common parameters then parameters along with path.
page19.3%
url13.1%
ret10.0%
r29.8%
img7.0%
u4.4%
return2.6%
r2.6%
URL2.4%
next2.0%
redirect2.0%
redirectBack1.6%
AuthState1.2%
referer0.8%
redir0.8%
l0.8%
aspxerrorpath0.6%
image_path0.6%
ActionCodeURL0.6%
return_url0.6%
link0.6%
q0.6%
location0.6%
ReturnUrl0.6%
uri0.4%
referrer0.4%
returnUrl0.4%
forward0.4%
file0.4%
rb0.4%
end_display0.4%
urlact0.4%
from0.4%
goto0.4%
path0.4%
redirect_url0.4%
old0.4%
pathlocation0.2%
successTarget0.2%
returnURL0.2%
urlsito0.2%
newurl0.2%
Url0.2%
back0.2%
retour0.2%
odkazujuca_linka0.2%
r_link0.2%
cur_url0.2%
H_name0.2%
ref0.2%
topic0.2%
resource0.2%
returnTo0.2%
home0.2%
node0.2%
sUrl0.2%
href0.2%
linkurl0.2%
returnto0.2%
redirecturl0.2%
SL0.2%
st0.2%
errorUrl0.2%
media0.2%
destination0.2%
targeturl0.2%
return_to0.2%
cancel_url0.2%
doc0.2%
GO0.2%
ReturnTo0.2%
anything0.2%
FileName0.2%
logoutRedirectURL0.2%
list0.2%
startUrl0.2%
service0.2%
redirect_to0.2%
end_url0.2%
_next0.2%
noSuchEntryRedirect0.2%
context0.2%
returnurl0.2%
ref_url0.2%
/?page=18.5
/index.php?ret=10.0
/analytics/hit.php?r2=9.8
/api/thumbnail?img=7.0
/e.html?u=3.2
/actions/act_continueapplication.cfm?r=2.4
/redirect2/?url=2.0
/Shibboleth.sso/Logout?return=1.2
/ui/clear-selected/?next=1.2
/Home/Redirect?url=1.2
/jobs/?l=0.8
/Error.aspx?aspxerrorpath=0.6
/r.php?u=0.6
/services/logo_handler.ashx?image_path=0.6
/AddProduct.aspx?ActionCodeURL=0.6
/tools/login/default.asp?page=0.6
/spip.php?url=0.6
/usermanagement/mailGeneratedPassword?referer=0.6
/?return=0.6
/?redir=0.6
/simplesaml/module.php/core/loginuserpass.php?AuthState=0.6
/out.php?url=0.6
/affiche.php?uri=0.4
/redirector.php?url=0.4
/cgi/set_lang?referrer=0.4
/blog/click?url=0.4
/site.php?url=0.4
/download2.php?file=0.4
/jump.php?url=0.4
/redirect/?redirect=0.4
/admin/track/track?redirect=0.4
/switch.php?rb=0.4
/php-scripts/form-handler.php?end_display=0.4
/cg/rk/?url=0.4
/tosite.php?url=0.4
/cambioidioma.php?urlact=0.4
/accueil/spip.php?url=0.4
/IRB/sd/Rooms/RoomComponents/LoginView/GetSessionAndBack?redirectBack=0.4
/search?q=0.4
/default.aspx?URL=0.4
/initiate-sso-login/?redirect_url=0.4
/module.php/core/loginuserpass.php?AuthState=0.4
/authentication/check_login?old=0.4
/RedirectToDoc.aspx?URL=0.4
/shop/bannerhit.php?url=0.4
/acceptcookies/?ReturnUrl=0.4
/index.php?url=0.4
/publang?url=0.2
/home/helperpage?url=0.2
/widgets.aspx?url=0.2
/_lang/en?next=0.2
/application/en?url=0.2
/common/topcorm.do?pathlocation=0.2
/main/action?successTarget=0.2
/Videos/SetCulture?returnURL=0.2
/Localize/ChangeLang?returnUrl=0.2
/_goToSite.asp?urlsito=0.2
/redir?url=0.2
/admin/auth/logined?redirect=0.2
/linkforward?forward=0.2
/modules/babel/redirect.php?newurl=0.2
/umbraco/Surface/LanguageSurface/ChangeLanguage?Url=0.2
/langswitcher.php?url=0.2
/redirect/?url=0.2
/i18n/i18n_user_currencies/change_currency?back=0.2
/accessibilite/textBackUp/?retour=0.2
/fncBox.php?url=0.2
/all4shop-akcie.php?odkazujuca_linka=0.2
/openurl.php?url=0.2
/te3/out.php?u=0.2
/utils/set_language.html?return_url=0.2
/trigger.php?r_link=0.2
/home/lng?cur_url=0.2
/goto?url=0.2
/o.php?url=0.2
/link-master/19/follow?link=0.2
/hack.php?H_name=0.2
/bmad/namhoc.php?return=0.2
/maven/stats.asp?ref=0.2
/Main/WebHome?topic=0.2
/bin/fusion/imsLogin?resource=0.2
/languechange.aspx?url=0.2
/bloques/bannerclick.php?url=0.2
/changesiteversion-full?referer=0.2
/out.php?link=0.2
/bgpage?r=0.2
/signout?returnTo=0.2
/switch_lang.php?return_url=0.2
/nousername.php?redir=0.2
/i/logout?return=0.2
/util_goto_detail_home.cfm?home=0.2
/misc/oldmenu.html?from=0.2
/click.php?url=0.2
/bitrix/rdc/?goto=0.2
/?node=0.2
/setLanguage.php?return=0.2
/redirect/ad?url=0.2
/redirect.php?sUrl=0.2
/redirect?url=0.2
/url?url=0.2

28.12.2019  Top 100 XSS dorks

It's the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let's update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

DorkFrequency
q5.5%
s4.5%
search1.9%
id1.7%
lang1.4%
keyword1.2%
query1.1%
page1.0%
keywords0.8%
year0.8%
view0.8%
email0.8%
type0.7%
name0.7%
p0.7%
month0.6%
immagine0.6%
list_type0.5%
url0.5%
terms0.5%
categoryid0.5%
key0.5%
l0.5%
begindate0.4%
enddate0.4%
categoryid20.4%
t0.4%
cat0.4%
category0.4%
action0.4%
bukva0.4%
redirect_uri0.4%
firstname0.4%
c0.4%
lastname0.3%
uid0.3%
startTime0.3%
eventSearch0.3%
categoryids20.3%
categoryids0.3%
sort0.3%
positiontitle0.3%
groupid0.3%
m0.3%
message0.3%
tag0.3%
pn0.3%
title0.3%
orgId0.3%
text0.3%
handler0.2%
myord0.2%
myshownums0.2%
id_site0.2%
city0.2%
search_query0.2%
msg0.2%
sortby0.2%
produkti_po_cena0.2%
produkti_po_ime0.2%
mode0.2%
CODE0.2%
location0.2%
v0.2%
order0.2%
n0.2%
term0.2%
start0.2%
k0.2%
redirect0.2%
ref0.2%
file0.2%
mebel_id0.2%
country0.2%
from0.1%
r0.1%
f0.1%
field%5B%5D0.1%
searchScope0.1%
state0.1%
phone0.1%
Itemid0.1%
lng0.1%
place0.1%
bedrooms0.1%
expand0.1%
e0.1%
price0.1%
d0.1%
path0.1%
address0.1%
day0.1%
display0.1%
a0.1%
error0.1%
form0.1%
language0.1%
mls0.1%
kw0.1%
u0.1%


This second list is almost the same but with corresponding path :

DorkFrequency
/?s=3.6
/search?q=2.5
/index.php?lang=0.6
/pplay/info_prenotazioni.asp?immagine=0.6
/shared/lgflsearch.php?terms=0.5
/index.php?page=0.4
/search?query=0.4
/en/Telefon-Cam?search=0.4
/index.php?bukva=0.4
/pro/events_print_setup.cfm?list_type=0.3
/pro/events_print_setup.cfm?categoryid=0.3
/pro/events_print_setup.cfm?categoryid2=0.3
/?eventSearch=0.3
/?startTime=0.3
/pro/events_ical.cfm?categoryids=0.3
/pro/events_ical.cfm?categoryids2=0.3
/pro/events_print_setup.cfm?month=0.3
/pro/events_print_setup.cfm?year=0.3
/pro/events_print_setup.cfm?begindate=0.3
/pro/events_print_setup.cfm?enddate=0.3
/search?keyword=0.3
/?q=0.3
/search/?q=0.3
/index.php?pn=0.3
/?lang=0.3
/property/search?uid=0.3
/index.php?id=0.3
/search?orgId=0.3
/products?handler=0.2
/pro/events_print_setup.cfm?view=0.2
/pro/events_print_setup.cfm?keywords=0.2
/?p=0.2
/search.php?q=0.2
/?search=0.2
/pro/minicalendar_detail.cfm?list_type=0.2
/index.php?produkti_po_cena=0.2
/index.php?produkti_po_ime=0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE=0.2
/login?redirect_uri=0.2
/connexion?redirect_uri=0.2
/index.php?action=0.2
/plugins/actu/listing_actus-front.php?id_site=0.2
/index.php?mebel_id=0.2
/search/?search=0.2
/news/class/index.php?myshownums=0.2
/news/class/index.php?myord=0.2
/search.html?searchScope=0.1
/search?field%5B%5D=0.1
/videos?tag=0.1
/videos?place=0.1
/videos?search=0.1
/?email=0.1
/?cat=0.1
/content.php?expand=0.1
/?page=0.1
/search/?s=0.1
/?keywords=0.1
/search/?keyword=0.1
/apps/email/index.jsp?n=0.1
/?name=0.1
/?sort=0.1
/search?search=0.1
/pro/minicalendar_print_setup.cfm?begindate=0.1
/pro/minicalendar_print_setup.cfm?enddate=0.1
/pro/minicalendar_print_setup.cfm?keywords=0.1
/search-results?q=0.1
/?listingtypeid=0.1
/search?s=0.1
/pro/minicalendar_print_setup.cfm?categoryid2=0.1
/?bathrooms=0.1
/?listingagent=0.1
/?featuredsearchseourl=0.1
/?squarefeet=0.1
/?siteid=0.1
/?bedrooms=0.1
/?featuredsearch=0.1
/?price=0.1
/?maxbuilt=0.1
/?lsid=0.1
/?listingtypes=0.1
/?garages=0.1
/?maxprice=0.1
/?minprice=0.1
/?keywordsany=0.1
/?yearbuilt=0.1
/?minbuilt=0.1
/?subdivision=0.1
/?lotsizeval=0.1
/?listingstatusid=0.1
/?mls=0.1
/firms/?text=0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET=0.1
/plan_du_site.php?lang=0.1
/index.php?Itemid=0.1
/?view=0.1
/?t=0.1
/?selat=0.1
/?selong=0.1
/?nwlat=0.1
/?geo=0.1


I hope you enjoy this :)

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

  Latest Patched

 25.11.2020 inshallah.com
 25.11.2020 kcentr.ru
 25.11.2020 chiaromonte.gov.it
 25.11.2020 roccacasale.gov.it
 25.11.2020 letino.gov.it
 25.11.2020 photo-ac.com

  Latest Blog Posts

26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection
26.10.2020 by _r00t1ng_
Routed SQL Injection
26.10.2020 by _r00t1ng_
DIOS the SQL Injectors Weapon
26.10.2020 by p4c3n0g3
How to find AngularJS XSS

  Recent Recommendations

@nikitsinelnikov     25 November, 2020
    Twitter nikitsinelnikov:
Thanks for your report! We have fixed the issue.
@chantysothy     25 November, 2020
    Twitter chantysothy:
Thank you so much Cyber_India for reporting us improper access control. We followed your instructions and reproduced again. Also mitigation steps helped us. I recommend this security specialist.
@Guide_Astuces     24 November, 2020
    Twitter Guide_Astuces:
Thank you for reporting the bug and helping me to fix it. Much appreciated. I recommend this security specialist.
@w3c_systeam     24 November, 2020
    Twitter w3c_systeam:
Thank you for your report. We fixed the issue.
@vintage_griffin     23 November, 2020
    Twitter vintage_griffin:
Thank you Cyber_India for identifying and letting us know of an improperly secured server status page.