whoami
Yet another pentester.
Studied at Descartes University (Paris 5), now merged into Sorbonne University.
Studied at the University of Valenciennes and Hainaut-Cambresis, now renamed Polytechnic University of Hauts-de-France.
Studied at Pierre and Marie Curie University (Paris 6), now merged into Sorbonne University.
Formerly at Sysdream, Atos Digital.Security.
cat vulns/README.txt
Here is a non-exhaustive list of security issues that I've found and reported.
- Not Yet Published: 5 path traversal.
  CVE: CVE-2020-13232
- Not Yet Published: 2 XSS.
  CVE: CVE-2020-13233
- Not Yet Published: 3 SSRF.
  CVE: CVE-2020-13234
- Not Yet Published: 5 information leak.
  CVE: CVE-2020-13235
- Not Yet Published: 5 DOS.
  CVE: CVE-2020-13236
- Centreon (2020-05-13): 2 XSS. [Advisory]
  CVE: CVE-2020-13627, CVE-2020-13628
- Centreon (2020-05-13): 4 Session ID exposures. [Advisory]
  CVE: CVE-2020-10945
- A NF&A2P** alarm system (2019-07-10): Helped to break one of the encryption systems used in this system. [Article of the audit by a colleague]
- A private system (2019-01): An open-redirect.
- Alwaysdata (2018-10-10): Session ID leakage of their clients' website. [Writeup]
- gnu.org (2016-06): DNS zone transfer.
- Yunohost (2016): CRLF injection and open-redirect.
cat random_projects/README.txt
To find my projects, go to my Gitlab or my Github.
Or read my daily shitpost on Mastodon.