Security Researcher specializing in web application penetration testing and cloud security research.
- Working as a security engineer at GMO Flatt Security, focusing on web application pentesting
- Hunting vulnerabilities through Google VRP, focusing on Cloud VRP, currently ranked 177th / 1,905 (Top 10%)
- SSRF Exposes OpenAI API Keys in berriai/litellm
- XSS via chat information tooltip in open-webui/open-webui
- RCE by Non-Admin Users via CSRF in open-webui/open-webui
- Possible userinfo Leakage in URI.join/URI#merge in ruby
- Possible SSRF and Credential Leakage via Absolute URL in axios Requests
- Potential SSRF Vulnerability in httparty Leading to API Key Leakage in httparty






