I'm Pixeel, a two-month lurker turned hopeful contributor. I picked my username because Pixel was too plain and my second choice, Pixella, seemed a little weird. I don't even like eels that much anyway.
I'm a 17-year-old hobbyist programmer currently going through 12th grade and am currently on my Christmas break, which is how I decided to sign up for the site. I hope to study Computer Science for college.
I have been experimenting with PHP, Flask, Ruby on Rails, and other frameworks.
I originally tried to code my own MVC framework but decided it would be too complicated for a novice like me.
Although I am not a professional web dev/white-hat hacker (nor do I play one on TV), I have managed to warn several websites via e-mail about some super basic and frankly stunning PHP security vulnerabilities:
URL modification to edit posts that aren't mine.
No input validation for $_GET variables OR hidden fields.
Spoofing the cookie username value to be a moderator, an administrator, or a user who doesn't exist.
XSS vulnerabilities due to improper escaping.
CSRF vulnerabilities that still haven't been fixed yet.
Posting in a locked forum thread.
Deleting forum threads by editing the URL (no permissions checks).
No permissions checks on functions that allowed moderators to ban users and even IP ban them.
Passwords are still stored in plain text (even 10 years after someone complained).
It opened my eyes to the sheer number of developers who neglect sanity checks. Most of the flaws I just mentioned were from one site, and I'm pretty sure that reporting them so much pissed off the administrators (I did, however, get mostly positive responses).
Apart from my tales of volunteer bug-hunting, there's nothing else to really say about me, except I hope to learn a lot and help out a lot of people here. Thanks again to everyone who may reply, and see you on the forums.