Skip to content
View Kirill89's full-sized avatar
111 followers · 41 following

Achievements

Achievement: Pull Sharkx4Achievement: Pair Extraordinairex2Achievement: QuickdrawAchievement: YOLOAchievement: StarstruckAchievement: Arctic Code Vault Contributor

Achievements

Achievement: Pull Sharkx4Achievement: Pair Extraordinairex2Achievement: QuickdrawAchievement: YOLOAchievement: StarstruckAchievement: Arctic Code Vault Contributor

Organizations

@linux-learn @java-self-study @mobb-dev

Block or report Kirill89

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Kirill89/README.md

Hi, I'm Kirill 👋

Information Security Researcher · Software Engineer · Open Source Software Contributor

Blogs

Talks

Vulnerabilities

  1. Open Redirect in Gophish
  2. Path Traversal in Pistache CVE-2022-26068, C/C++
  3. Path Traversal in Webcc CVE-2022-25298, C/C++
  4. Arbitrary File Write in Drogon CVE-2022-25297, C/C++
  5. Arbitrary File Write in Mongoose CVE-2022-25299, C/C++
  6. Content Injection in Crow CVE-2021-23824, C/C++
  7. Path Traversal in Crow CVE-2021-23514, C/C++
  8. Arbitrary File Write in Iris Web Framework CVE-2021-23772, Go
  9. Open Redirect in Clearance CVE-2021-23435, Ruby
  10. DOM-based XSS in Video.js CVE-2021-23414, JavaScript
  11. Open Redirect in Gitpod Go
  12. Prototype Pollution in nedb CVE-2021-23395, JavaScript
  13. Prototype Pollution in yargs-parser CVE-2020-7608, JavaScript
  14. Prototype Pollution in minimist CVE-2020-7598, JavaScript
  15. Denial of Service in ecstatic CVE-2019-10775, JavaScript
  16. Command Injection in php-shellcommand CVE-2019-10774, PHP
  17. SQL Injection in Medoo CVE-2019-10762, PHP
  18. SQL Injection in Pixie Query Builder CVE-2019-10766, PHP
  19. Prototype Pollution in AngularJS CVE-2019-10768, JavaScript
  20. SQL Injection in knex.js CVE-2019-10757, JavaScript
  21. SQL Injection in sequelize CVE-2019-10748, JavaScript
  22. Prototype Pollution in lodash and lodash.merge CVE-2019-10744, JavaScript

Pinned Loading

  1. prototype-pollution-explained prototype-pollution-explained Public

    Prototype Pollution in JavaScript

    JavaScript 75 18

  2. prototype-pollution-exploits prototype-pollution-exploits Public

    Prototype Pollution exploits collection

    JavaScript 34 7

  3. visual-studio-code-extension-security-vulnerabilities visual-studio-code-extension-security-vulnerabilities Public

    HTML 4 1

  4. cpp-bencode cpp-bencode Public

    C++ Bencode Parsing Library

    C++ 1 1

  5. learn-unity learn-unity Public

    ShaderLab 1

  6. trax-retail/url-protector-nginx-module trax-retail/url-protector-nginx-module Public

    This module allow nginx to decrypt strings encrypted with xxtea algorithm. This is useful to hide actual URLs from client.

    C 10 5