Jeongwon Jo

About

Especially interested in web2.0/3.0 security,
Blog, Email, @P0cas, @jeongwon__9, @PocasCyber

Work Experience

Experience

CTF Player, No team

Apr, 2020 - Present

Participate alone often :)
Dreamhack Challenge Author
- easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451
- easyxss (XSS, Hostname Bypass) at Dreamhack#273
- Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205
URLParserCon

NPM Researching
- There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
- Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
- Earned $4,170 through this project

Bug Bounty

NASA Bug Bounty, NASA
- Remote Code Execution in NASA (1-Day Exploit)
- Remote Code Execution in NASA (0-Day Exploit)
Github Bug Bounty, GITHUB
- 0-Day, Copy and Paste ReDos in github.com
Microsoft Bug Bounty, MICROSOFT
- Just XSS Sanitizer flaw - VULN-064235
ML Frameworks Bug Bounty, MLSecOps

Aug, 2023 - Present
- Read/Write the flows/model data via stored xss in ????? ($10,890)
Dreamhack Bug Bounty, DREAMHACK
- Leak all write ups via IDOR in dreamhack.io ($500)
CVE Hunting, ($4,624)
- CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117 (26+)
KVE Hunting, KISA ($1,600)

Apr, 2021 - Present
- KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464
NBB Hunting, NAVER ($1,500)

Sep, 2021 - Present
- NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292