Participate in CTF at ST4RT and icypete but i participate alone often :)

• easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451
• easyxss (XSS, Hostname Bypass) at Dreamhack#273
• Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205

• There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
• Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
• Earned $4,170 through this project

• Remote Code Execution in NASA (1-Day Exploit)
• Remote Code Execution in NASA (0-Day Exploit)

• 0-Day, Copy and Paste ReDos in github.com

• Just XSS Sanitizer flaw - VULN-064235

• Expected to be released soon after patch

• Learn unauthorized model via CSRF in ????? ($$$$)
• Read/Write the flows/model data via stored xss in ????? ($10,890)

• Leak all write ups via IDOR in dreamhack.io ($500)

• CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117 (26+)

• KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464

• NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292