Antonio Spataro

• I’m an Independent Security Researcher from Italy, currently working in the cybersecurity sector mainly as Bug Bounty Hunter and Penetration Tester. I enjoy to play hacking competitions and get better. You can check writeups and other stuff on topics related to cybersecurity and Bug Bounty in this blog
• Some things I brag about
• CVE-2024-21627 Bypassing the Validate::isCleanHTML method leads to obtaining XSS in every input sanitized with that method in PrestaShop CMS
• CVE-2022-4105 Markdown injection leads to Stored XSS in KiwiTCMS library. Possibility to account takeover and exploitation of various endpoints.
• CVE-2023-27489 another Stored XSS in KiwiTCMS
• CVE-2023-32686 Stored XSS with weak WAF bypass and CSP bypass in KiwiTCMS.
• Telecom Italia's Responsible Disclosure Hall of Fame
• Identified hundreds of critical vulnerabilities across various companies through bug bounty platforms, earning top positions on leaderboards of well-known organizations
• A lot of things I can't share in public :(
• If you want contact me for a job, for my resume or only just ask me something, drop a line here :)
• Blog Posts
• 2023-09-25 Intigriti 0923 Challenge Writeup
• 2023-09-05 Hacking Web3 Companies At Scale Using Web2 Vulnerabilities > Three Writeups Of How I Got Into Your Wallet
• 2022-02-10 Xss With Waf Bypass Leads To Account Takeover In Old Bbp
• 2021-10-28 Intigriti 1021 > Xss Challenge Writeup