
Crtc4L-PH

Independent Security Researcher

WordPress Bug Bounty

11 months ago I reported an XSS vulnerability at WordPress via HackerOne. After they verified my report, they fixed it a.s.a.p. and rewarded me with a $150 bounty.

This is the content of my report:

how to the xss bug.

and hit enter.

The result will appear with the running marquee text on it.

You can also enter this code: <h2>HTML <small>Small</small> Formatting</h2>, <h2>HTML <big>Small</big> Formatting</h2>

It's my first time submitting bugs here. I hope that this is a bug.


Old Vulnerabilities

I just discovered that some websites are still prone to hacking due to previously reported vulnerabilities, and other websites are still not updated to the latest software or updates for the platform they use, like CMS sites, forum sites and others.

Some CMS platforms are used on banking websites, and due to a lack of knowledge they are not updating their CMS platform. This will lead to their website being breached by attackers.

Last night I did a random search for websites that have old vulnerabilities. Guess what? I discovered a bank website that has an old version of a CMS platform and is still vulnerable to old reported vulnerabilities. I searched for a possible entry point for a malicious file

and voilà! A file upload vulnerability exists, an SQLi vulnerability exists too, and other stuff.

I immediately reported what I discovered on their website to their customer representative. They responded immediately too, saying they would look into my report and report back to me if there was progress.

After a day, I received a message that my report was verified and a valid security risk. And they immediately offered me a reward.

I will not mention the name of the website that I was talking about for security purposes. That’s all, and thank you for reading my article.

New Year’s Gift

I just received a reward, a Civilization VI game key, from Sapphire Technology Club after I submitted a report on their website. 🙂 As for the report, I would rather keep it private because of the admin’s request. Sorry 🙂

Vulnerability report

I just reported a vulnerability on a website, and they verified it and fixed it.

After that, in exchange for a reward, they gave me an announcement credit on their website for discovering the security hole in their website.

The name of the website is Hesperus Ragnarok Online.

Security Report

The week before last, I reported a blog website that had multiple vulnerabilities. After I reported them, the website admin decided that instead of giving me a bounty reward via PayPal, he would write an article mentioning my pseudonym and giving me credit for what I discovered on his website. The website that I reported is DavaoBase.com.

Not all websites that are reported with vulnerabilities will give you a reward in money. Some website administrators will write an article mentioning your name, or they will put you in a hall of fame on their page for discovering security holes. These are the priceless bug bounties, and this is also a lifetime achievement.

Expose Data

I just reported a website that exposes its SQL data, including the encrypted admin password.

The name of the company is MegaSoft Company in the Philippines.

They are still not replying to the email that I sent them.
