My Findings

In my free time, I enjoy looking for vulnerabilities in websites which I then report to the webmaster so they can take appropriate action to get it patched. Listed below is a small portion of the sites I helped out and software packages or plugins in which I found a vulnerability.
This does not represent all of my findings.


All of the findings below were reported to the webmaster and resolved.
A website prefixed with *. indicates that I found vulnerabilities on subdomains of that site.

Note that all websites listed below have a responsible disclosure policy; I do not do security checks on websites that do not have such a policy in place.


Dutch DMV | * ² | SQL Injection | Thank You
Dutch Government | *.overheid.nl | Cross Site Scripting | T-Shirt + Champagne
University | *.uvt.nl | SQL Injection / Cross Site Scripting | T-Shirt
Payment Processing | *.mempay.com | Information Disclosure (Secret Keys) | Amazon Gift Card
University | *.wur.nl | SQL Injection | T-Shirt
Residential Care | ecare.nl | Cross Site Scripting | Amazon Gift Card
Cancer Society | *.kwf.nl | Arbitrary File Upload | Thank You
Postal Company | *.postnl.nl | SQL Injection | Coffee Invitation
² | SQL Injection | Hall Of Fame
Protestant Church | pgtrynwalden.nl | SQL Injection | Hall Of Fame
Dutch Central Bank | www.dnb.nl | Cross Site Scripting | USB-Stick & Letter
Ministry of Infrastructure & Environment | *.rws.nl | SQL Injection / Cross Site Scripting | Gift Card
Ministry of Health, Welfare & Sport | www.huiselijkgeweld.nl | SQL Injection | Gift Card
Police Academy | *.politieacademie.nl | SQL Injection / Cross Site Scripting | No Feedback
City of Amsterdam | *.amsterdam.nl | SQL Injection | No Feedback
Care Institute Netherlands | www.medicijnkosten.nl | SQL Injection | Gift Card
Royal Netherlands Meteorological Institute | *.knmi.nl | SQL Injection | Gift Card
Dutch Counter-Terrorism Unit | *.nctv.nl | SQL Injection | Gift Card


University | *.eur.nl | SQL Injection | Hoodie / Sweater + Hall Of Fame
Dutch DMV | *.rdw.nl | SQL Injection | License Plate
University | *.vu.nl | SQL Injection | Amazon Gift Card
University | *.utwente.nl | SQL Injection | Hall Of Fame
Train Transport | belgianrail.be | SQL Injection / Email Validation Bypass | No Response


Game Forum | forum.ragezone.com | Cross Site Scripting | Free Subscription
Network Organization | *.ripe.net | Directory Listing, Unauthorized Script Access | Thank You
IT Company | onsight.nl | Cross Site Scripting | Thank You
Health Service | *.beter.com | SQL Injection | Amazon Gift Card
Municipality | *.apeldoorn.nl | Cross Site Scripting / Full Path Disclosure | Cash Reward
Security Cluster | thehaguesecuritydelta.com | SQL Injection | Thank You

Plugins & Software Packages

vBulletin Profile Reporter | SQL Injection
vBulletin vBSSO Single Sign-On | SQL Injection
vBulletin MicroCART | Arbitrary File Deletion, SQL Injection, Cross Site Scripting
vBulletin vbBux & vbPlaza | SQL Injection
vBulletin Customizable Roster | Data Extraction, Cross Site Scripting
vBulletin OzzMods Reviews | Arbitrary File Upload & Deletion, Cross Site Scripting
vBulletin Verify Email Before Registration | SQL Injection
vBulletin Point Market System | SQL Injection
vBulletin SCANU's vBFinder | Authentication Bypass
vBulletin MicroSUPPORT | SQL Injection
vBulletin Yay! Another Facebook Bridge | SQL Injection
Video Chat By rayzzz.com | SQL Injection, Arbitrary File Upload