Antonio Spataro

• I’m an Independent Security Researcher and master cyber security student from Italy. I’m currently working in the cybersecurity sector mainly as a part time Bug Bounty Hunter and Penetration Tester, I enjoy to play hacking competitions and get better. You can check writeups and other stuff on topics related to cybersecurity and Bug Bounty in this blog
• Some things I brag about
• CVE-2024-21627 Bypassing the Validate::isCleanHTML method leads to obtaining XSS in every input sanitized with that method in PrestaShop CMS
• CVE-2022-4105 Markdown injection leads to Stored XSS in KiwiTCMS library. Possibility to account takeover and exploitation of various endpoints.
• CVE-2023-27489 another Stored XSS in KiwiTCMS
• CVE-2023-32686 Stored XSS with weak WAF bypass and CSP bypass in KiwiTCMS.
• Telecom Italia's Responsible Disclosure Hall of Fame
• Top 10 in a famous cryptocurrency website with Private Bug Bounty Hall of Fame subject to non disclosure agreement
• XVIDEOS's Bug Bounty Hall of Fame
• A lot of things I can't share in public :(
• If you want contact me for a job, for my resume or only just ask me something, drop a line here :)
• Blog Posts
• 2023-09-25 intigriti 0923 challenge writeup
• 2023-09-05 hacking web3 companies at scale using web2 vulnerabilities > three writeups of how i got into your wallet
• 2022-02-10 xss with waf bypass leads to account takeover in old bbp
• 2021-10-28 intigriti 1021 > xss challenge writeup