Jonathan Bouman
@JonathanBouman
Medical Doctor (GP) & Security Researcher
Amsterdam, Netherlands
Joined January 2009
Posts
  • Just published a new blog. Stealing internal server files from @IKEA.com by exploiting an LFI bug in their PDF library. Furthermore, an in-depth discussion about Responsible Disclosures. Read more: medium.com/@jonathanbouma… Would love to hear your opinion and feedback!
  • And another new report; a blind SQL injection bug found at one of the subdomains of @HEMA. Learn how to create a payload that exfiltrates data by using the SLEEP() function; read the full write-up: medium.com/@jonathanbouma…
  • After 2 weeks of hacking, I won the 🥈 2nd place overall Award and the 🥇 Vigilante Award at the @Hacker0x01 Live Hacking Event in Las Vegas! Thanks @zseano, @thedawgyg, @jackds1986, @tomikoski for the great collabs! ♥️🥳 #H1702
  • Just published a new write-up! How I found a bug in a WordPress payment plugin and used it to become an administrator: medium.com/@jonathanbouma…
  • My first @Hacker0x01 live event was a blast! 🥇😄🎉!!!
    Yowza $750K+. 🤑 Can't wait to hand out some awards to several amazing hackers tomorrow. Who will be the #h12103 MVH? @JonathanBouman derision @zseano @itscachemoney @spaceraccoonsec @ArchAngelDDay @ajxchapman... ?
  • New write-up! 📜 Remote Code Execution at ws1.aholdusa.com @AholdDelhaize — Compromising logins of Ahold Delhaize USA employees for >3.5 years (or even 18 years?). XSS to Perl SSTI RCE. Learn more at:
  • 🥇 1st place at the Las Vegas @Hacker0x01 @amazon Challenge with @zseano ❤️✨, 2 weeks remote + 2 days live at the Wynn. Real bugs, real impact, patched fast. Shout-out to @tobias_bouman for crushing it after switching from law to infosec. DEFCON was madness! Now time to chill 🏖️
  • A new blog! A potential data leak at IKEA due to a leaked Salesforce API key: medium.com/@jonathanbouma… Please give me your feedback :-)
  • New blog: Creating a phishing login at @LinkedIn.com by manipulating Open Graph Tags used by their blogging platform, resulting in a persistent XSS attack. Read more: medium.com/@jonathanbouma… As always, please give me feedback! :-)
  • A new report; a reflected XSS bug found at one of the subdomains of @HEMA. The injected payload hijacks the login screen and exfiltrates the login credentials. See medium.com/@jonathanbouma…
  • We did it again! ✨✨✨ Won the #H1031 @amazon Vigilante (Most Important to the Customer) award with @zseano 🦹‍♂️❤️! Over 90 bugs found this month—what a wild ride! Huge thanks to @fransrosen & @avlidienbrunn for uncovering some mind-blowing bugs with the 4 of us. On to the next!
    finally #h1031 is over and won 1st place on Amazon Retail and Vigilante with @JonathanBouman :D Dream team!! did not win MVH but maybe one day! Now going to take a small break but will be back to hacking next week :D GGs everyone!!! it was fun :)
  • A new bug bounty write-up: Email content spoofing at IKEA.com. medium.com/@jonathanbouma…
  • 🐛 Two different IDOR bugs at mijn.VvAA.nl @VvAA lead to potential access to data of 130k healthcare providers, including their own cyber risk insurance policy documents 📃🚨