My Findings

In my free time, I enjoy looking for vulnerabilities in websites which I then report to the webmaster so they can take appropriate action to get it patched. Listed below is a small portion of the sites I helped out and software packages or plugins in which I found a vulnerability.
This does not represent all of my findings.

Websites

All of the findings below were reported to the webmaster and resolved.
Websites prefixed with *. indicates that I found vulnerabilities on subdomains of this site.

Note that all websites listed below have a responsible disclosure policy, I do not do security checks on websites that do not have such policy in place.

2017

TypeSiteFindingReward
Dutch DMV*.rdw.nl ²SQL InjectionThank You
Dutch Government*.overheid.nlCross Site ScriptingT-Shirt + Champagne
University*.uvt.nlSQL Injection / Cross Site ScriptingT-Shirt
Payment Processing*.mempay.comInformation Disclosure (Secret Keys)Amazon Gift Card
University*.wur.nlSQL InjectionT-Shirt
Residential Careecare.nlCross Site ScriptingAmazon Gift Card
Cancer Society*.kwf.nlArbitrary File UploadThank You
Postal Company*.postnl.nlSQL InjectionCoffee Invitation
Universityeur.nl ²SQL InjectionHall Of Fame
Protestant Churchpgtrynwalden.nlSQL InjectionHall Of Fame

2016

TypeSiteFindingReward
University*.eur.nlSQL InjectionHoodie / Sweater + Hall Of Fame
Dutch DMV*.rdw.nlSQL InjectionLicense Plate
University*.vu.nlSQL InjectionAmazon Gift Card
University*.utwente.nlSQL InjectionHall Of Fame
Train Transportbelgianrail.beSQL Injection / Email Validation BypassNo Response

2015

TypeSiteFindingReward
Game Forumforum.ragezone.comCross Site ScriptingFree Subscription
Network Organization*.ripe.netDirectory Listing, Unauthorized Script AccessThank You
IT Companyonsight.nlCross Site ScriptingThank You
Health Service*.beter.comSQL InjectionAmazon Gift Card
Municipality*.apeldoorn.nlCross Site Scripting / Full Path DisclosureCash Reward
Security Clusterthehaguesecuritydelta.comSQL InjectionThank You

Plugins & Software Packages

vBulletin Profile ReporterSQL Injection
vBulletin vBSSO Single Sign-OnSQL Injection
vBulletin MicroCARTArbitrary File Deletion, SQL Injection, Cross Site Scripting
vBulletin vbBux & vbPlazaSQL Injection
vBulletin Customizable RosterData Extraction, Cross Site Scripting
vBulletin OzzMods ReviewsArbitrary File Upload & Deletion, Cross Site Scripting
vBulletin Verify Email Before RegistrationSQL Injection
vBulletin Point Market SystemSQL Injection
vBulletin SCANU's vBFinderAuthentication Bypass
vBulletin MicroSUPPORTSQL Injection
vBulletin Yay! Another Facebook BridgeSQL Injection
Video Chat By rayzzz.comSQL Injection, Arbitrary File Upload