
About
Szafirowski Pawel
Email: pawel saphir.berlin
Services
-
Penetration testing – flexible approach:
- Web application / thick client / API / infrastructure (black‑box or grey‑box)
- Rapid penetration test (identify as many issues as possible quickly, prioritising high‑risk findings)
-
Bug bounty – participation in:
- Public programs (e.g., via invitation on HackerOne, YesWeHack, Synack, Intigriti, Inspectiv)
- Private, company‑internal programs (limited researcher pools)
External resources

Synack – Hero & Acropolis recognitions (Szafirowski Pawel)
Hero: yearly award for impact and production.
“15 for 15” highlights top researchers monthly.



Microsoft SharePoint Elevation of Privilege – CVE‑2025‑53760 (Szafirowski Pawel)
High
7.1
Full SSRF in Microsoft Office SharePoint allows an authorised attacker to elevate privileges over a network.