SYSTEM_INITIALIZING...

ZEYNALXAN QULIYEV

>> OFFENSIVE SECURITY SPECIALIST & BUG HUNTER <<

SECURING THE DIGITAL INFRASTRUCTURE. SPECIALIZING IN OFFENSIVE SECURITY, VULNERABILITY ASSESSMENT, AND RED TEAM OPERATIONS.

EXPLORE TARGETS DOWNLOAD INTEL (CV)

0

SECURITY BUGS REPORTED

0

COMPANIES ACKNOWLEDGED

0

CVEs PUBLISHED

CONFIRMED_HITS [HALL OF FAME]

Ferrari

FERRARI

CRITICAL VULN
Microsoft

MICROSOFT

HIGH SEVERITY
Apple

APPLE

BROKEN ACCESS
Bitget

BITGET

MEDIUM SEVERITY
NASA

NASA

IDOR FOUND
Porsche

PORSCHE

OPEN REDIRECT
Cisco

CISCO

MISCONFIG
Monash

MONASH UNI

MULTIPLE BUGS
WHO

WHO

MISCONFIG
Panasonic

PANASONIC

ACCESS CONTROL
Lenovo

LENOVO

FIXED
CERT-EU

CERT-EU

ACKNOWLEDGED
Bayer

BAYER

CORS ISSUE
3CX

3CX

MISCONFIG
Sprinklr

SPRINKLR

BROKEN ACCESS
Unesco

UNESCO

XSS FOUND

SYSTEM_ARSENAL [SKILLS]

SCRIPTING_ENGINE

  • > Python (Automation)
  • > Bash (Shell Scripting)
  • > JavaScript (Client-side)
  • > PHP (Server-side)

WEB_DEFENSE_EVASION

  • > OWASP Top 10
  • > WAF Bypassing Techniques
  • > API Security Testing
  • > GraphQL Exploitation

INTEL_GATHERING

  • > Nmap / Masscan
  • > Amass / Subfinder
  • > Nuclei (Templates)
  • > Google Dorking / OSINT

EXPLOITATION_OPS

  • > Burp Suite Pro
  • > Metasploit Framework
  • > SQLMap / NoSQLMap
  • > Manual Exploitation

NET_&_CLOUD_INFRA

  • > Docker / Containers
  • > AWS Security Basics
  • > Wireshark (Traffic Analysis)
  • > Firewall Configuration

THREAT_INTEL_&_FORENSICS

  • > Digital Forensics
  • > Dark Web Monitoring
  • > Data Leak Analysis
  • > Threat Hunting (OSINT)

VERIFIED_CREDENTIALS [CERTS]

eWPTXv3

eLearnSecurity Web Application Penetration Tester eXtreme

ADVANCED

IELTS 6.0

International English Language Testing System

COMMUNICATION

VULNERABILITY_DATABASE [CVEs]

CVE-2024-11605 DEC 2024

Wordpress Plugin Stored XSS

The wp-publications plugin (<=v1.2) fails to escape filenames before rendering, allowing Stored XSS even for admins without unfiltered_html.

XSS WORDPRESS
CVE-2024-11125 NOV 2024

Cross-Site Request Forgery (CSRF)

The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CSRF REMOTE

INTERCEPTED_TRANSMISSIONS [FEEDBACK]

LATAM AIRLINES

"Very helpful information, and well detailed. The average response time was very fast."

MERCEDES-BENZ TEAM

"Thank you for submitting a report. Your efforts are greatly appreciated. We confirm that the reported vulnerability is valid and have started on the necessary steps to fix it."

MONASH UNIVERSITY

"Thank you for your submission. Enjoy your reward and keep up the good work. Happy hunting! Thanks for your well-written report and POC."

MINISTRY OF DEFENCE

"We thank @zeynalxanquliyev for their great report and thus helping to keep the MODs systems secure. We look forward to working with you in the future. Happy hunting!"

THE BUCK4BUG TEAM

"We appreciate the security mindset you've shown in identifying this. We value your contributions and look forward to your future submissions."

SECURE_UPLINK [CONTACT]

>> DIRECT_COMMUNICATION_PROTOCOL: LINKEDIN_CHANNEL

ESTABLISH_LINK