# WHO AM I?
## NAME
Lee Wonpyeong
## NICKS
Safflower, plzdonotsay, st4rburst, pushesp, etc..
## DESCRIPTION
I am a security researcher and university student from Republic of Korea.
Currently learning ECMAScript.
## ORGANIZATIONS
· Kwangwoon Univ - https://www.kw.ac.kr
· Demon - https://demonteam.org
· S.E.D - https://github.com/seoul-electric-decomposer
· $wag, UnityLab, etc..
## CERTIFICATE
· 정보처리기능사 (158155301388)
· 해킹보안전문가 3급 (HSE-1501-30001)
· 인터넷정보관리사 2급 (IIS-1504-000448)
· 리눅스마스터 2급 (LMS-1702-001667)
## CHALLENGE AUTHOR
### 2018
· 18st HackingCamp CTF
· 2018 Layer7 CTF
· 2018 Power of XX CTF Prequals
· 2018 Power of XX CTF Finals
## SPEAKER
### 2018
· Nefus of Sunrin Internet High School - Web Application Vulnerability
· TeamLog of Sunrin Internet High School - SQL Injection Attack & Defense
## DEVELOPMENTS
## BUG HUNTING
### 2014
· XpressEngine - Stored XSS (KVE-2014-0083)
### 2015
· Naver Cafe - Spoofing Grade
### 2016
· Naver Blog - Clickjacking
· Naver Blog - Clickjacking
### 2017
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - SQL Injection
· Maps Marker Pro - Delete File
· GNUBOARD5 - Hijack Board Permission (KVE-2017-1029)
· Naver Whale - Bypass XSS Auditor (KVE-2017-1034)
· Naver Whale - Bypass XSS Auditor (KVE-2017-1040)
· GNUBOARD5 - Reflected XSS & File Inclusion (KVE-2017-1047)
### 2018
· GNUBOARD5 - Hijack Session ID (KVE-2018-0013)
· YOUNGCART5 - SQL Injection (KVE-2018-0101)
· YOUNGCART5 - SQL Injection (KVE-2018-0102)
· GNUBOARD5 - Leak Account (KVE-2018-0109)
· YOUNGCART5 - Reflected XSS & Remote Code Execution (KVE-2018-0346)
· GNUBOARD5 - Reflected XSS & Remote Code Execution (KVE-2018-0356)
· GNUBOARD5 - Reflected XSS & Remote Code Execution (KVE-2018-0358)
· GNUBOARD5 - Reflected XSS & Remote Code Execution (KVE-2018-0366)
· GNUBOARD5 - Reflected XSS & Remote Code Execution (KVE-2018-0379)
· YOUNGCART5 - SQL Injection (KVE-2018-0405)
· GNUBOARD5 - Leak Account & Remote Code Execution (KVE-2018-0510)
· Dothome - Remote Code Execution
· GNUBOARD5 - SQL Injection
· asked.kr - Stored XSS
## LINKS
## CONTACTS