My Findings

In my free time, I enjoy looking for vulnerabilities in websites, which I then report to the webmaster so they can take appropriate action to get them patched. Listed below is a small portion of the sites I helped out and the software packages or plugins in which I found a vulnerability.
This does not represent all of my findings.


All of the findings below were reported to the webmaster and resolved.
Note that all websites listed below have a responsible disclosure policy; I do not do security checks on websites that do not have such a policy in place.


ecare.nl | Cross Site Scripting | Amazon Gift Card
kwf.nl | Arbitrary File Upload | Thank You
pgtrynwalden.nl | SQL Injection | Hall Of Fame


eur.nl | SQL Injection | Gift Package (sweater and other little goodies) + Hall Of Fame
(Dutch DMV) | SQL Injection | License Plate
vu.nl | SQL Injection | Amazon Gift Card
utwente.nl | SQL Injection | Hall Of Fame
belgianrail.be | SQL Injection / Email Validation Bypass | No Response


forum.ragezone.com | Cross Site Scripting | Free Subscription
ripe.net | Directory Listing, Unauthorized Script Access | Thank You
onsight.nl | Cross Site Scripting | Thank You
beter.com | SQL Injection | Amazon Gift Card
apeldoorn.nl | Cross Site Scripting / Full Path Disclosure | Cash Reward
thehaguesecuritydelta.com | SQL Injection | Thank You

Plugins & Software Packages

vBulletin Profile Reporter | SQL Injection
vBulletin vBSSO Single Sign-On | SQL Injection
vBulletin MicroCART | Arbitrary File Deletion, SQL Injection, Cross Site Scripting
vBulletin vbBux & vbPlaza | SQL Injection
vBulletin Customizable Roster | Data Extraction, Cross Site Scripting
vBulletin OzzMods Reviews | Arbitrary File Upload & Deletion, Cross Site Scripting
vBulletin Verify Email Before Registration | SQL Injection
vBulletin Point Market System | SQL Injection
vBulletin SCANU's vBFinder | Authentication Bypass
vBulletin MicroSUPPORT | SQL Injection
vBulletin Yay! Another Facebook Bridge | SQL Injection
Video Chat By rayzzz.com | SQL Injection, Arbitrary File Upload