Jack Burton

Cybersecurity Areas of Proficiency(with relevant disclosed report by me, when applicable):

Verified Web Application Skill set on Hackerone (A feature that is now deprecated unfortunately):

Discovery of reflected, stored, DOM-based, and blind XSS vulnerabilities, including filter evasion

• Click to see a simple example where I chained open redirect to XSS on Twitter.
• Simple reflected XSS example.
• Many more undisclosed reports, including filter evasion and blind XSS.

Discovery of SOP bypasses, especially using Origin header

• A unique SOP bypass I found using a Cross-domain policy
• Many standard SOP bypasses using Origin header undisclosed.

Discovery of blind and standard SSRF vulnerabilities

• Many undisclosed reports, mostly blind SSRF.

Discovery of blind and standard HTML Injection vulnerabilities

• Click to see one of my standard HTML Injection reports.
• Many undisclosed reports including blind examples.

Discovery of IDOR vulnerabilities (many undisclosed reports)

Other skill areas include DoS (through unique means, not just flooding with requests), authorization token vulnerabilities, subdomain takeovers, sensitive data disclosures, and other miscellaneous, unique vulnerabilities.

• Click to see one of my subdomain takeovers.
• Click to see one of my unique vulnerabilities.