YesWeHack • Intigriti • Pentesterlab
Hacker at ❤️, I bring my passion for cybersecurity to my work every day. With a background in bugbounty, I have a unique perspective on how to identify and remediate potential threats to systems. I have contributed to several projects, including the development of new open source tools, scripts or the discovery of vulnerabilities.
I am a self-taught who is constantly seeking out new opportunities to grow and develop my skills. Whether it’s through training or hands-on experience, I have a drive to stay ahead of the curve in my field. With my combination of technical aptitude and passion for the industry.
I will continue to work on exciting projects and pursue new challenges, always with a commitment to the field that will only continue to grow. Whether I am working on open source tools, participating in bugbounties, or simply sharing my knowledge with others.
My latest personnal blog posts
Tenable Blog
Tenable Medium
- CVE-2024–8182 : Accidental Discovery of an Unauthenticated DoS
- Solidus — Code Review
- WordPress MyCalendar Plugin — Unauthenticated SQL Injection(CVE-2023–6360)
- WordPress BuddyForms Plugin — Unauthenticated Insecure Deserialization (CVE-2023–26326)
- Multiples WordPress plugins CVE analysis
- Wordpress 6.0.3 Patch Analysis
BugBountyHunter Website
Synetis Blog
2024
- CVE-2024-9148 - Stored Cross-Site Scripting in Flowise
- CVE-2024-8182 - Unauthenticated Denial of Service in Flowise
- CVE-2024-7790 - Stored Cross-Site Scripting in DevikaAI
- CVE-2024-7297 - Privilege Escalation in Langflow
- CVE-2024-4960 - Reflected Cross-Site Scripting in WP RSS Aggregator
- CVE-2024-4959 - Stored Cross-Site Scripting in Solidus
- CVE-2024-1063 - Unauthenticated Blind SSRF in AppWrite
- CVE-2024-1061 - Unauthenticated SQL Injection in HTML5 Video Player
2023
- CVE-2023-6360 - Unauthenticated SQL Injection in My Calendar
- CVE-2023-4137 - Unauthenticated Reflected Cross-Site Scripting in AYS Popup Box
- CVE-2023-28667 - Unauthenticated Insecure Deserialization in Lead Generated
- CVE-2023-28666 - Authenticated Reflected Cross-Site Scripting in InPost Gallery WordPress plugin
- CVE-2023-28665 - Authenticated Reflected Cross-Site Scripting in Bulk Price Update
- CVE-2023-28664 - Authenticated Reflected Cross-Site Scripting in MDTF – Meta Data and Taxonomies Filter
- CVE-2023-28663 - Authenticated SQL Injection in Formidable PRO2PDF
- CVE-2023-28662 - Unauthenticated SQL Injection in Gift Vouchers and Packages
- CVE-2023-28661 - Authenticated SQL Injection in WP Popup Banners
- CVE-2023-28660 - Authenticated SQL Injection in Events Made Easy
- CVE-2023-28659 - Authenticated SQL Injection in Waiting: One-click countdowns
- CVE-2023-28017 - Stored Cross-Site Scripting in CraftCMS
- CVE-2023-26326 - Unauthenticated Insecure Deserialization in Buddyforms
- CVE-2023-26325 - Authenticated SQL Injection in ReviewX
- CVE-2023-23492 - Unauthenticated Reflected Cross-Site Scripting in Login with Phone Number
- CVE-2023-23491 - Unauthenticated Reflected Cross-Site Scripting in Quick Event Manager
- CVE-2023-23490 - Authenticated SQL Injection in Survey Maker
- CVE-2023-23489 - Unauthenticated SQL Injection in Easy Digital Downloads
- CVE-2023-23488 - Unauthenticated SQL Injection in Paid Memberships Pro
- CVE-2023-0448 - Unauthenticated Reflected Cross-Site Scripting in WP Helper Lite
2022
- CVE-2022-1731 - Unauthenticated SQL Injection in Metasonic Doc WebClient
- CVE-2022-38131 - Unauthenticated Open Redirect in RStudio Connect
2021
- CVE-2021-41262 - Authenticated SQL Injection in Galette
- CVE-2021-41261 - Authenticated Stored Cross-Site Scripting in Galette
- CVE-2021-41260 - Cross-Site Request Forgery in Galette
2020
- CVE-2020-25070 - Cross-Site Request Forgery in USVN with Serizao
- CVE-2020-25069 - Remote Code Execution in USVN with Serizao
- CVE-2020-15081 - Exposure of Sensitive Information in PrestaShop
- Top 3 in duo with Reptou during a YesWeHack live event.