ShadowByte1/README.md


ShadowByte


Professional Summary

I am a cybersecurity researcher and penetration tester from Australia. I specialize in Web Application Security, Binary Exploitation, and Vulnerability Research. My work focuses on discovering zero-day vulnerabilities in open-source software and commercial applications through systematic code analysis and fuzzing. I practice responsible disclosure and contribute to securing the software supply chain through CVE reporting and proof-of-concept development.

Security Advisories

| ID | Package | Vulnerability | Impact | CVE |
|---|---|---|---|---|
| GHSA-vc9j-w4ch-7h3j | Codazon Magento | Reflected XSS | XSS allowing arbitrary JavaScript execution via a crafted payload in the `cat` parameter. Affects v1.1.0.0 - v2.4.7 | CVE-2025-60991 |
| GHSA-jmc7-28c7-wx66 | Kissflow Platform | Stored XSS | Stored XSS enabling privilege escalation, account takeover and theft of PII. Affects v2.0 - v4.2 | CVE-2025-57393 |
| GHSA-7q72-8f9r-v4mw | PoDoFo | Heap Use-After-Free | Memory corruption in `PdfTokenizer::ReadDictionary` causing DoS via a malformed PDF. Affects v0.10.0 - v0.10.5 | CVE-2025-46205 |
| GHSA-77h4-r63x-87f8 | Poppler | Stack Overflow | DoS via deeply nested PDF metadata structures causing uncontrolled recursion. Affects v24.06.1 - v25.03.0 | CVE-2025-43718 |
| GHSA-x867-qv23-g3mv | Neto CMS | CRLF Injection | HTTP response splitting allowing arbitrary code execution. Affects v6.313.0 - v6.314.0 | CVE-2025-28357 |
| GHSA-63m8-3cc3-jr6j | Neto E-Commerce | XSS | XSS via the `kw` parameter enabling privilege escalation. Affects v6.313.0 - v6.3115 | CVE-2024-57494 |

Technical Stack

Languages

Python, JavaScript, C, C++, Bash, Assembly

Security & Infrastructure

Kali Linux, Burp Suite, Metasploit, Wireshark, IDA Pro, Ghidra, GDB, Radare2

Frameworks & Tools

Docker, Git, Linux, OWASP

Key Projects

Web Security • XSS Research
Comprehensive collection of XSS payloads for penetration testing and security research. Contains bypass techniques for modern WAFs and CSP policies.

API Security • Automation
Automated security testing tool for Swagger/OpenAPI endpoints with vulnerability detection capabilities.

Vulnerability Research • Disclosure
Repository documenting discovered vulnerabilities with technical analysis, PoCs, and responsible disclosure timelines.

Research Highlights

  • 6 CVEs published across multiple platforms and frameworks
  • 128+ stars on XSS payload repository
  • Discovered vulnerabilities in: Poppler PDF library, PoDoFo, Neto CMS, Kissflow, Codazon Magento themes
  • Focus areas: Memory corruption bugs, web application security, API fuzzing, binary analysis

Contact & Collaboration

I'm interested in collaborating on security research, CTF competitions, and vulnerability disclosure. Feel free to reach out for:

  • Security research collaboration
  • Penetration testing projects
  • CTF team participation
  • Responsible disclosure coordination

Popular repositories

  1. SwaggerX (Public)
  2. xss-payload-list (Public) - forked from Proviesec/xss-payload-list. JavaScript.
  3. XSS-File-Path-Names (Public) - XSS in file path names.
  4. CVE-2024-53345 (Public) - Critical 0-day in Car Rental Management System versions 1.0 - 1.3. Python.
  5. CVE-2024-48245 (Public) - SQL injection vulnerability in Vehicle Management System 1.0 - 1.3.