YesWeHack • Intigriti • Pentesterlab
Hacker at ❤️, I bring my passion for cybersecurity to my work every day. With a background in bug bounty, I have a unique perspective on how to identify and remediate potential threats to systems. I have contributed to several projects, including the development of new open source tools, scripts or the discovery of vulnerabilities.
My latest personal blog posts
- Investigating a Compromised WordPress Site
- Hookd: A Lightweight Out-of-Band Interaction Server
- Simple Monitoring Solution
- Smart Contract Testing in Remix
- Ethernaut - Dex Two
- Damn Vulnerable Defi : The Rewarder
- Damn Vulnerable Defi : Side Entrance
- Damn Vulnerable Defi : Truster
- Damn Vulnerable Defi : Naive Receiver
- Collaborative Code Auditing
- Damn Vulnerable Defi : Unstoppable
- Extract and monitor bugbounty scopes
- Blogging in 2025: My Thoughts
- Bruteforce vs Permutations
- Basic recon to RCE III
- DNS Tools Comparison
- Basic recon to RCE II
- My bounty infrastructure
- Basic recon to RCE
- SSRF Through PDF Generation
- My first OOB XXE exploitation
- Binary search in Golang on large files
Tenable Blog
Tenable Medium
- CVE-2024-8182 : Accidental Discovery of an Unauthenticated DoS
- Solidus – Code Review
- WordPress MyCalendar Plugin – Unauthenticated SQL Injection (CVE-2023-6360)
- WordPress BuddyForms Plugin – Unauthenticated Insecure Deserialization (CVE-2023-26326)
- Multiples WordPress plugins CVE analysis
- Wordpress 6.0.3 Patch Analysis
BugBountyHunter Website
Synetis Blog
2025
- TRA-2025-50 - Exposed API Key in Ultimate Dashboard
- TRA-2025-34 - SSRF Bypass in BentoML
- TRA-2025-33 - Exposed API Key in Feed Them Social
- TRA-2025-32 - Exposed API Key in WP Social Ninja
- CVE-2025-2304 - Privilege Escalation in Camaleon CMS
2024
- CVE-2024-12015 - SQL Injection in Project Manager
- CVE-2024-10859 - SQL Injection in Surecart
- CVE-2024-9148 - Stored XSS in Flowise
- CVE-2024-8182 - Denial of Service in Flowise
- CVE-2024-7790 - Stored XSS in DevikaAI
- CVE-2024-7297 - Privilege Escalation in Langflow
- CVE-2024-4960 - Reflected XSS in WP RSS Aggregator
- CVE-2024-4959 - Stored XSS in Solidus
- CVE-2024-1063 - Blind SSRF in AppWrite
- CVE-2024-1061 - SQL Injection in HTML5 Video Player
2023
- CVE-2023-6360 - SQL Injection in My Calendar
- CVE-2023-4137 - Reflected XSS in AYS Popup Box
- CVE-2023-28667 - Insecure Deserialization in Lead Generated
- CVE-2023-28666 - Reflected XSS in InPost Gallery
- CVE-2023-28665 - Reflected XSS in Bulk Price Update
- CVE-2023-28664 - Reflected XSS in MDTF – Meta Data Filter
- CVE-2023-28663 - SQL Injection in Formidable PRO2PDF
- CVE-2023-28662 - SQL Injection in Gift Vouchers and Packages
- CVE-2023-28661 - SQL Injection in WP Popup Banners
- CVE-2023-28660 - SQL Injection in Events Made Easy
- CVE-2023-28659 - SQL Injection in Waiting: One-click countdowns
- CVE-2023-28017 - Stored XSS in CraftCMS
- CVE-2023-26326 - Insecure Deserialization in BuddyForms
- CVE-2023-26325 - SQL Injection in ReviewX
- CVE-2023-23492 - Reflected XSS in Login with Phone Number
- CVE-2023-23491 - Reflected XSS in Quick Event Manager
- CVE-2023-23490 - SQL Injection in Survey Maker
- CVE-2023-23489 - SQL Injection in Easy Digital Downloads
- CVE-2023-23488 - SQL Injection in Paid Memberships Pro
- CVE-2023-0448 - Reflected XSS in WP Helper Lite
2022
- CVE-2022-1731 - SQL Injection in Metasonic Doc WebClient
- CVE-2022-38131 - Open Redirect in RStudio Connect
2021
- CVE-2021-41262 - SQL Injection in Galette
- CVE-2021-41261 - Stored XSS in Galette
- CVE-2021-41260 - CSRF in Galette
2020
- CVE-2020-25070 - CSRF in USVN
- CVE-2020-25069 - RCE in USVN
- CVE-2020-15081 - Information Disclosure in PrestaShop





