whoami

Hi,I’m rickshang , The Chinese SRC ID is 无在无不在

I like working on novel attack techniques and finding crazy vulnerabilities

SRC Ranking

• 2023
  • 阔知SRC TOP1
  • 极氪SRC TOP1
  • 百度SRC 迅捷狙击奖-高质量漏洞产出者
• 2024:
  • 看云SRC TOP1
  • 平安SRC TOP9
  • 顺丰SRC TOP10
  • 新东方SRC TOP5
  • 完美世界SRC TOP5
  • 途虎SRC TOP5
  • 小鹏SRC TOP6
  • 斗鱼SRC TOP1
  • 百度SRC TOP11 (洞察巅峰奖-高质量漏洞产出者)
  • 贝壳SRC TOP11

My CVE list:

• CVE-2022-46181 XSS vulnerability in the application image file upload in gotify/server
• CVE-2023-22463 JwtSigKey hardcoded causes the k8s cluster to take over in kubeoperator/kubepi

There are other general vulnerabilities that I can’t publicly disclose yet because they haven’t been fixed

My open source project:

• php-lab
• bucket-takeover-lab

Wechat subscription