Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
603,726 coordinated disclosures
388,464 fixed vulnerabilities
922 bug bounties with 1,852 websites
18,634 researchers, 1194 honor badges

tbmTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher tbm has already helped fix 2399 vulnerabilities.



Researcher reputation:  100

Real name:
tbm n.

About me:
Security Researcher

How to contact me:
bbhtest123 @ gmail.com

Award / Bug Bounty I prefer:
at least 'thanks'

Halls of Fame:
Many

Recommendations and Acknowledgements

@1und1     27 January, 2017
    Twitter 1und1 Andreas Maurer from 1&1 Internet:
tbm reported severals bugs on our website. He was fast, polite and professional. A great help and much appreciated.
@couponplus_ag     22 August, 2020
    Twitter couponplus_ag Markus from CouponPlus AG:
Many thanks for reporting the security vulnerabilities! With the details you provided we could fix the issues very quickly. Very fast response time!
@TristanGuiheux     9 December, 2019
    Twitter TristanGuiheux tristanguiheux from LA POSTE:
tbmnull has helped us to find and fix some issues on web sites we're protecting. This kind of help is greatly appreciated from a security perspective. This way we can improve ourselves and protect our customers. Thanks again in my name.
@NewLineHorizon1     3 August, 2019
    Twitter NewLineHorizon1 Melisa from NewLineHorizon:
Dear,

Thanks for participating in responsible disclosure program.
The reports you submitted were extremely helpful to our team and provided us the details we needed to resolve the issues that you identified.
We are deeply committed to provide a safe and secure experience to our users and are therefore grateful for your efforts to help us improve our services.

Best Regards!
@ycjisysspg_sec     23 April, 2018
    Twitter ycjisysspg_sec ycjisysspg_sec from Yamaha Corporation:
Thank you tbmnull for finding the XSS vulnerability on www.yamaha.com (Reports No: 180851, 180214).
Though a long time has passed from your reporting, we inform that we mended the vulnerabilities.
Keep up the good work!
@antonio_farina     7 October, 2016
    Twitter antonio_farina Antonio from translated.net:
Thank you tbmnull for reporting the XSS vulnerability found on translated.net website.
The details you provided helped to fix the issue immediately.

Great work.
@jonny_caos     5 October, 2016
    Twitter jonny_caos Jonathan from Wine-Searcher:
Thank you tbmnull for finding the XSS vulnerability on wine-searcher. You responded quickly and with detail to enable us to fix the issue promptly. Keep up the good work!

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:3208
Total reports on VIP sites:1385
Total patched vulnerabilities:2399
Total vulnerabilities on Hold (Open Bug Bounty):51
Recommendations received:7
Active since:03.04.2015
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate



No posts in blog yet


Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

Domain Reported Status Type
18.06.2015
patched
Cross Site Scripting
18.06.2015
patched
Cross Site Scripting
21.05.2015
patched
Cross Site Scripting
19.05.2015
patched
Cross Site Scripting
19.05.2015
patched
Cross Site Scripting
13.05.2015
patched
Cross Site Scripting
11.05.2015
patched
Cross Site Scripting
04.05.2015
patched
Cross Site Scripting
01.05.2015
patched
Cross Site Scripting
29.04.2015
patched
Open Redirect
29.04.2015
patched
Open Redirect
29.04.2015
patched
Cross Site Scripting
24.04.2015
patched
Cross Site Scripting
24.04.2015
unpatched
Cross Site Scripting
17.04.2015
patched
Cross Site Scripting
17.04.2015
patched
Cross Site Scripting
17.04.2015
patched
Cross Site Scripting
08.04.2015
patched
Cross Site Scripting
08.04.2015
unpatched
Cross Site Scripting
07.04.2015
patched
Cross Site Scripting

  Latest Patched

 20.10.2020 ibisingold.me
 20.10.2020 bolsamania.com
 20.10.2020 doteasy.com
 19.10.2020 kusch.ws
 19.10.2020 4gamer.net
 19.10.2020 alamy.com
 19.10.2020 alfa.tj
 19.10.2020 politicalcompass.org
 19.10.2020 timbux.com
 18.10.2020 cdromance.com

  Latest Blog Posts

05.10.2020 by _r00t1ng_
Steal IP Address using Image
05.10.2020 by _r00t1ng_
DDOS Using SQL injection (SiDDOS)
05.10.2020 by _r00t1ng_
XSS Injection with SQLi
14.09.2020 by aninda_anon
VPS Cheatsheet for bug hunting
14.09.2020 by pk_12397
A Story of IDOR To Account Takeover

  Recent Recommendations

@vadus     19 October, 2020
    Twitter vadus:
Warbid helped disclose several vulnerabilities on our website. With his help, we were able to patch this issue and close up the vulnerability. Thank you very much for your help, and thank you for helping to make the web a safer place.
@pagel     18 October, 2020
    Twitter pagel:
Many thanks to cyberaz0r for pointing out a css vulnerability on our site. He was very pleasant to deal with and shared his knowledge openly.
@amswebs     16 October, 2020
    Twitter amswebs:
Thank you for your help with this XSS vulnerability. We appreciate the responsible reporting via openbugbounty.
@xlaunay     16 October, 2020
    Twitter xlaunay:
Thank you for identifying and reporting a vulnerability on our site.
@NinjaLingo     16 October, 2020
    Twitter NinjaLingo:
Juampa helped us to fix a XSS vulnerability on our site. His description of the issue was very clear and helped a lot. He is very good to work with and was available for questions.

Unfortunately (for him) he is very fast and efficient. Let me explain: He contacted us directly after finding the vulnerability and we fixed it (with his help) before openbugbounty could confirm it. So this might not be in his openbugbounty profile.

I'm hoping he finds more vulnerabilities on our site, as it was a good experience working with him.

Daniel
Founder of Lingo Ninja