- I’m an independent security researcher and a master's student in cyber security from Italy. I’m currently working in the cybersecurity sector, mainly as a part-time Bug Bounty Hunter and Penetration Tester. I enjoy playing in hacking competitions and getting better. You can check out writeups and other stuff on topics related to cybersecurity and Bug Bounty in this blog.
- Some things I brag about
- CVE-2024-21627 Bypassing the Validate::isCleanHTML method leads to obtaining XSS in every input sanitized with that method in PrestaShop CMS
- CVE-2022-4105 Markdown injection leads to Stored XSS in KiwiTCMS library. Possibility of account takeover and exploitation of various endpoints.
- CVE-2023-27489 Another Stored XSS in KiwiTCMS
- CVE-2023-32686 Stored XSS with weak WAF bypass and CSP bypass in KiwiTCMS.
- Telecom Italia's Responsible Disclosure Hall of Fame
- Top 10 on a famous cryptocurrency website with a Private Bug Bounty Hall of Fame, subject to a non-disclosure agreement
- XVIDEOS's Bug Bounty Hall of Fame
- A lot of things I can't share in public :(
- If you want to contact me for a job, for my resume, or just to ask me something, drop a line here :)
- Blog Posts