@rohk_infosec
120 vulns in 120 days challenge on Synack Red Team
Vuln total will include Accepted, Rejected, Duplicate, Merge, and Out of scope
- Start Date: October 18, 2018
- End Date: February 15, 2019
- Finished Date: February 12, 2019
| Categories | # of Vulns |
| --- | --- |
| Reflected XSS | 5 |
| Persistent XSS | 30 |
| Cross-site Request Forgery | 25 |
| Improper Input Validation | 4 |
| Access/Privacy Control | 25 |
| Insecure Direct Object Reference | 18 |
| Functionality Abuse with Malicious Impact | 4 |
| Sensitive Information Disclosure | 3 |
| Client-Side Validation | 1 |
| Server-Side Request Forgery | 2 |
| Path Traversal | 3 |

| Accepted | Duplicates | Rejected | Pending |
| --- | --- | --- | --- |
| 84 | 20 | 16 | 0 |

Total Vulnerabilities Submitted: 120
Week 1 (10/18/2017 - 10/24/2018): 10 Vulns Submitted
- Oct 18
- Accepted - Persistent XSS
- Accepted - Access/Privacy Control
- Oct 22
- Accepted - Improper Input Validation
- Oct 23
- Accepted - Access/Privacy Control
- Duplicate - Reflected XSS
- Duplicate - Persistent XSS
- Duplicate - CSRF
- Oct 24
- Accepted - CSRF
- Accepted - CSRF
- Accepted - Improper Input Validation
Week 2: (10/25/2018 - 10/31/2018): 7 Vulns Submitted
- Oct 25
- Accepted - Sensitive Information Disclosure
- Oct 28
- Duplicate - Persistent XSS
- Duplicate - Functionality Abuse with Malicious Impact
- Duplicate - Functionality Abuse with Malicious Impact
- Oct 31
- Accepted - Reflected XSS
- Merged - CSRF
- Accepted - CSRF
Week 3: (11/01/2018 - 11/07/2018): 2 Vulns Submitted
- Hacking Break
- Nov 1
- Accepted - Persistent XSS
- Nov 4
- Accepted - Persistent XSS
Week 4: (11/08/2018 - 11/14/2018): 9 Vulns Submitted
- Nov 8
- Accepted - Access/Privacy Control
- Accepted - Access/Privacy Control
- Nov 9
- Accepted - Access/Privacy Control
- Nov 10
- Rejected - Insecure Direct Object Reference
- Nov 12
- Nov 13
- Rejected - Access/Privacy Control
- Nov 14
- Accepted - Persistent XSS
- Duplicate - Access/Privacy Control
- Duplicate - Persistent XSS
Week 5: (11/15/2018 - 11/21/2018): 7 Vulns Submitted
- Nov 16
- Accepted - Access/Privacy Control
- Rejected - CSRF
- Accepted - Insecure Direct Object Reference
- Nov 18
- Accepted - Sensitive Information Disclosure
- Accepted - Access/Privacy Control
- Nov 20
- Accepted - Access/Privacy Control
- Accepted - CSRF
Week 6: (11/22/2018 - 11/28/2018): 4 Vulns Submitted
- Hacking Break
- Nov 22
- Accepted - Persistent XSS
- Rejected - Persistent XSS
- Accepted - Persistent XSS
- Nov 26
- Accepted - Persistent XSS
Week 7: (11/29/2018 - 12/05/2018): 10 Vulns Submitted
- Nov 29
- Accepted - Reflected XSS
- Duplicate - Insecure Direct Object Reference
- Accepted - CSRF
- Accepted - CSRF
- Nov 30
- Accepted - Client-Side Validation
- Dec 1
- Duplicate - Access/Privacy Control
- Accepted - Persistent XSS
- Dec 3
- Accepted - Persistent XSS
- Accepted - Persistent XSS
- Accepted - Persistent XSS
Week 8: (12/06/2018 - 12/12/2018): 18 Vulns Submitted
- Dec 6
- Accepted - Persistent XSS
- Accepted - CSRF
- Dec 7
- Accepted - Persistent XSS
- Accepted - Insecure Direct Object Reference
- Accepted - Insecure Direct Object Reference
- Accepted - Persistent XSS
- Dec 8
- Accepted - Improper Input Validation
- Accepted - Access/Privacy Control
- Accepted - Persistent XSS
- Accepted - Persistent XSS
- Accepted - Access/Privacy Control
- Accepted - Access/Privacy Control
- Accepted - Persistent XSS
- Dec 9
- Rejected - Access/Privacy Control
- Accepted - Insecure Direct Object Reference
- Dec 10
- Accepted - Insecure Direct Object Reference
- Dec 11
- Accepted - Persistent XSS
- Dec 12
- Rejected - Access/Privacy Control
Week 9: (12/13/2018 - 12/19/2018): 3 Vulns Submitted
- Hacking Break
- Dec 17
- Accepted - Insecure Direct Object Reference
- Dec 18
- Accepted - CSRF
- Rejected - Access/Privacy Control
Week 10: (12/20/2018 - 12/26/2018): 11 Vulns Submitted
- Dec 19
- Accepted - Insecure Direct Object Reference
- Dec 20
- Dec 22
- Rejected - CSRF
- Accepted - Server-Side Request Forgery
- Dec 23
- Duplicate - CSRF
- Accepted - CSRF
- Dec 24
- Accepted - Functionality Abuse with Malicious Impact
- Accepted - CSRF
- Dec 26
- Rejected - CSRF
- Duplicate - CSRF
- Accepted - CSRF
Week 11: (12/27/2018 - 01/02/2019): 5 Vulns Submitted
- Hacking Break
- Dec 30
- Rejected - CSRF
- Rejected - CSRF
- Jan 1
- Duplicate - Access/Privacy Control
- Jan 2
- Accepted - Persistent XSS
- Accepted - Persistent XSS
Week 12: (01/03/2019 - 01/09/2019): 5 Vulns Submitted
- Jan 3
- Rejected - CSRF
- Accepted - Path Traversal
- Accepted - Path Traversal
- Accepted - Path Traversal
- Jan 6
- Accepted - Access/Privacy Control
Week 13: (01/10/2019 - 01/16/2019): 2 Vulns Submitted
- Hacking Break
- Jan 15
- Duplicate - Insecure Direct Object Reference
- Accepted - Persistent XSS
Week 14: (01/17/2019 - 01/23/2019): 5 Vulns Submitted
- Hacking Break
- Jan 17
- Duplicate - Access/Privacy Control
- Jan 18
- Duplicate - Insecure Direct Object Reference
- Jan 21
- Jan 22
- Duplicate - Insecure Direct Object Reference
- Jan 23
- Accepted - Persistent XSS
Week 15: (01/24/2019 - 01/30/2019): 7 Vulns Submitted
- Jan 24
- Accepted - Improper Input Validation
- Accepted - Access/Privacy Control
- Duplicate - Access/Privacy Control
- Jan 26
- Accepted - Insecure Direct Object Reference
- Accepted - Access/Privacy Control
- Jan 27
- Duplicate - Functionality Abuse with Malicious Impact
- Accepted - Insecure Direct Object Reference
Week 16: (01/31/2019 - 02/06/2019): 9 Vulns Submitted
- Feb 2
- Rejected - Sensitive Information Disclosure
- Accepted - Persistent XSS
- Duplicate - Persistent XSS
- Feb 3
- Rejected - Persistent XSS
- Accepted - Insecure Direct Object Reference
- Accepted - Insecure Direct Object Reference
- Feb 5
- Accepted - CSRF
- Accepted - Reflected XSS
- Accepted - Access/Privacy Control
Week 17: (02/07/2019 - 02/13/2019): 6 Vulns Submitted
- Feb 7
- Accepted - Insecure Direct Object Reference
- Rejected - CSRF
- Feb 11
- Rejected - Access/Privacy Control
- Feb 12
- Accepted - Server-Side Request Forgery
- Accepted - Persistent XSS
- Accepted - Insecure Direct Object Reference
(FINAL) Week 18: (02/14/2019 - 02/15/2019): 0 Vulns Submitted
- CHALLENGE FINISHED FEB 12TH @ 7:49PM PST