Zeď slávy (Hall of Fame)

Na této stránce pravidelně aktualizujeme seznam našich hrdinů - lovců, kteří se aktivně zapojili do programu Bug Bounty.

D. Straka – SQL injection
Michal Špaček (@spazef0rze) – Cross-site request forgery (CSRF), Cross-site scripting (XSS), SQL injection
Milan "Hodza" Kozák – SQL injection, Information Disclosure
Ondřej Žára – Cross-site scripting (XSS)
Kamil Vávra – Cross-site request forgery (CSRF), Unexpected log report
Tomáš Hudáč – Cross-site scripting (XSS)
Jaromír Hamala – Unauthorized access to server administration interface
Martin Hartl – Cross-site scripting (XSS), Open Redirect
Jaroslav Martínek – Information Disclosure
Ayoub Fathi – Cross-site scripting (XSS)
Tom – Information Disclosure
@securehack z HACKTRACK security – Multiple Cross-site scripting (XSS), Blind SQL injection, Information disclosure, Redirect / XSS attack
Marek Malcovský – Cross-site scripting (XSS), Remote code execution, Open Redirect
Tonda Hýža – Cross-site scripting (XSS), Information Disclosure
Martin Doupovec – Information Disclosure
Michal Smrčka – Cross-site scripting (XSS)
martanc – Information Disclosure
Ayoub Ait Elmokhtar – Information Disclosure, Remote code execution
SOOM.cz – SQL injection, Information Disclosure, Cross-site scripting (XSS)
Murat Yilmazlar – @muratyilmazlarr - Cross-site scripting (XSS)
Hamit Abis – Open Redirect
Vahagn (vah13) Vardanyan – Information Disclosure
Marek Křivan – Cross-site scripting (XSS)
Eusebiu Blindu – Cross-site scripting (XSS)
MEHMET NURCAN (fb/mehsul) – Cross-site scripting (XSS)
Milan A Solanki (Mashack) – Cross-site request forgery (CSRF)
Pavel Schön – Cross-site scripting (XSS)
Ondřej Smrž – Cross-site scripting (XSS)
Petr Kletečka (petr.kle.cz) – Cross-site scripting (XSS), SSLStripProxy
MAZLUM BOZAN – Cross-site scripting (XSS)
Eusebiu Blindu (http://www.testalways.com/) – Information Disclosure
Harsha Vardhan (@hvboppana) – Cross-site scripting (XSS)
Matěj Polák – Cross-site scripting (XSS)
Milan Rossa – Cross-site scripting (XSS), Open Redirect, Unauthorized Access
Michal Smolka – Cross-site scripting (XSS), Cross-site request forgery (CSRF), Information Disclousure
Josef Krajkář – Clickjacking
Ali Burak Aydın – Mesut Uçar - Cross-site scripting (XSS)
Tcaciuc Bogdan Vasile – Information Disclosure, Cross-site scripting (XSS)
Richard Strnad – Open Redirect
Milan Kyselica – Clickjacking
Shubham Maheshwari – Clickjacking
Zekvan Arslan – Cross-site scripting (XSS), Open Redirect
Ismail Taşdelen (LinkedIn/Twitter) – SQL Injection, Cross-site request forgery (CSRF), ClickJacking, Multiple Cross-site scripting (XSS), Information Disclosure, Missing rate limit, Security misconfiguration, Broken Authentication, Microsoft IIS tilde directory enumeration
Berk Dusunur @berkdusunur – Cross-site scripting (XSS), Open Redirect, Information Disclosure, CRLF Injection, SQL Injection
Simge Gungor – Cross-site scripting (XSS)
Ahmet Gurel – Cross-site scripting (XSS), SQL Injection, Remote Code Execution (RCE)
Yunus YILMAZ (ynsy) – Open Redirect
PwnSquad aka WeedSquad – Information Disclosure
MUHAMMED SADETTİN KARATAŞ (LinkedIn) – Information Disclosure, Clickjacking, Cross-site scripting (XSS), Open Redirect
Ankur Pandey – SQL injection
Muhammed Enes GÖK – Clickjacking
Felipe "Renzi" Gabriel - (LinkedIn) - Denial of Service (DoS), Broken Authentication
Peter Stasko - Clickjacking
Furkan YILANCI - ClickJacking, Reflected cross-site scripting
Kerem Tamcı - SQL injection
Virendra Tiwari - HTTP header
Ben Chinoy - Privilege escalation for server, Unsecured communication, Default login, Cross-site scripting, other
Abhishek Karle (@AbhishekKarle3) - Improper Session Management
lacroute serge (LinkedIn) - Cross-site scripting (XSS)
R Atik Islam - Improper Session Management
Mustafa Kemal Can (muskecan) - Information Disclosure
René Kroka - Cross-site scripting (XSS)
Anusha Deekonda - Cross-site scripting (XSS), Open Redirect
Shashank Singh Rathore (!nj3c+0R) - Cross-site scripting (XSS)
Rahad Chowdhury - Cross-site scripting (XSS)
Tomáš Polešovský (@topolik) - Cross-site scripting (XSS), Remote Code Execution (RCE)
Ritik Chaddha(pwn_box) Twitter - Information Disclosure
Piotr Karolak - Default login
Sijisu (sijisu.eu) - Open Redirect, Cross-site scripting (XSS)
Ataberk Yavuzer (0xsaiyajin.github.io) - SQL Injection, Cross-site scripting (XSS), Remote Code Execution (RCE)
Battal Faik Aktaş (Twitter) - SQL injection, Cross-site Scripting, Cross-site scripting (XSS), Host Header Injection, Server-side request forgery (SSRF)
Berat Gokberk ISLER (Linkedin) - SQL injection, Cross-Site Scripting (XSS)
Samet Emiroğlu (Twitter) - Cross-Site Scripting (XSS)
Pritam Mukherjee (Linkedin) - Unsecured communication
Emre Durmaz (Linkedin) - Cross-site scripting (XSS)
Nuri Yavuz (Linkedin) - Cross-site scripting (XSS)
Burak Ünal (@ _d4rkbrain)- Information Disclosure
B.Dhiyaneshwaran - Information Disclosure (Stack Trace Error)
Berk İmran (Berkimran.com.tr/Linkedin) - Information Disclosure
Yash Anand (Linkedin) - Information Disclosure
Santhosh Kumar (Twitter/Linkedin) - Information Disclosure
@mnykmct - Information Disclosure, Privilege escalation for server/application
Shivang Trivedi (LinkedIn) - Information Disclosure (XSS)
B.Dhiyaneshwaran - Information Disclosure (Configuration files, API keys)
Prakash Kumar (LinkedIn) - Unsecured communication
surg4bij4k - SQL injection, Information Disclosure, Cross-site scripting (XSS)
grunge (Twitter) - SQL injection
pranav bhandari (LinkedIn) - Privilege Escalation
Virus (Twitter) - Editace a čtení dat jiných uživatelů
Evangelos Mitakidis @mrpentest (LinkedIn) - Information Disclosure
marwa khalfaoui (LinkedIn) - Privilege Escalation, Information Disclosure
Alisha Sheikh (LinkedIn) - Information Disclosure
Baburao Kittur (Twitter/LinkedIn) - Privilege escalation for server/application
Evangelos Mitakidis (mitakidis@gmail.com) - Information Disclosure
Mohammed Magdi Shafig Ahmed (Facebook/Twitter) - HTTP header, Information Disclosure
Emad Shanab (Twitter) - Path traversal, Information Disclosure, Privilege escalation for server/application
serji lacroute (Twitter) - Other
Suraj Bhosale (Twitter) - Information Disclosure
Hüseyin ALTUNKAYNAK (Twitter) - Cross-site scripting (XSS), SQL injection
Shrimant Subhash More (Twitter/LinkedIn) - Information Disclosure
Mehmet Can GÜNEŞ (Twitter) - Information Disclosure, Possible DoS Attack
Quang Vu Dinh (Twitter) - Data manipulation
Jonáš Hanulík - Cross-site scripting (XSS)
Srikar V (Exp1o1t9r/LinkedIn) - Data manipulation, Information Disclosure, Data tampering
Yunus AYDIN (Twitter) - Possible DoS Attack, Information Disclosure
Rachit Verma @b43kd00r (LinkedIn) - Information Disclosure
shailesh kumavat (hackerone.com/0x240x23elu/Twitter) - Data manipulation, Information Disclosure
Arpit Borawake (Twitter) - Information Disclosure
Ai Ho (j3ssie) - Information Disclosure
Philippe Delteil @philippedelteil - Information Disclosure
Paul Seekamp (LinkedIn) - Information Disclosure
Mayur Kishor Baviskar (LinkedIn/GitHub) - Information Disclosure
Abdullah Zafar (LinkedIn) - Data manipulation
Gaurang Maheta (LinkedIn/Twitter) - Data manipulation, Information Disclosure
Alwoares Naeem (Twitter) - Information Disclosure
Mohamed Elbadry (Twitter) - Information Disclosure
Muhammad Sadikul Islam @0xadik - Information Disclosure
Golam Faruk Ovi (Twitter) - Information Disclosure
mert tasci (mert.ninja/Twitter) - Information Disclosure
Jai Kumar B (LinkedIn) - Data manipulation
Abison Binoy (Twitter) - Data manipulation
Ilyas ORAK (LinkedIn) - SQL injection
K Mohammed Danish faraz (LinkedIn/Twitter) - Open Redirect
Ibrahim Saud M (LinkedIn/Twitter) - Open Redirect
Sachhit Anasane - Cross-site scripting (XSS), iframe injection
D. Jaya Shankar (Twitter) - Data manipulation
Thierno DIOP @g33kdiop - Information Disclosure
J75 - Information Disclosure
Daniel Bechenea (LinkedIn) - Information Disclosure
Ignit3d (LinkedIn) - Cross-site scripting (XSS), HTTP header
Kinshuk Kumar (LinkedIn) - Security Misconfiguration
Mohsin Khan (Twitter) - Information Disclosure
Ravi Kishor (Twitter) - Information Disclosure
Harinder Singh - S1N6H (LinkedIn) - Information Disclosure, Broken Authentication, HTTP header, Clickjacking
Hemant Patidar (LinkedIn) - Information Disclosure
Mayur Parmar th3cyb3rc0p (LinkedIn) - Information Disclosure
sekharlee (Twitter / LinkedIn) - Information Disclosure
Shubham Garg (LinkedIn) - Information Disclosure
Ajaysen R (LinkedIn) - Information Disclosure
Foysal Ahmed Fahim (Twitter) - Information Disclosure
ISHAN VYAS (Twitter) - Data manipulation, Broken Authentication
Smaran Chand (smaranchand.com.np) - Data manipulation
Daniel Blindu (Twitter) - Data manipulation, Information Disclosure, Cross-site scripting (XSS)
Shoeb Shaikh (LinkedIn) - Information Disclosure
Mateusz Kowalczyk (LinkedIn) - Information Disclosure
Foysal Ahmed Fahim- Data manipulation, Information Disclosure
Mustafa Can IPEKCI @mcipekci - Cross-site scripting (XSS)
Pranav Prakash Yadav (LinkedIn) - Information Disclosure
Moataz Reda (Twitter / Facebook) - Data manipulation
Abhijeet Sarkar (Twitter / Facebook) - Data manipulation
Chirag Artani (Twitter / Chirag Artani) - Data manipulation
Walid Hossain (Twitter) - Data manipulation
Tomáš Rydlo - Application logic flaw
Numan Rajkotiya (Twitter) - Data manipulation
MelarDev (Twitter) - Server-side request forgery (SSRF)
Süleyman ERGEN @hatsat32 (Twitter) - Data manipulation
Kamran (LinkedIn) - Clickjacking
Pipupipu - Broken Access Control
Steven Hampton (Twitter) - Clickjacking
Onur ER (Twitter / LinkedIn / www.onurer.net) - Broken Authentication
Michal Vašíček (@mchlvsck - Twitter) - Information Disclosure
Omar ElSayed (Facebook) - Data manipulation
Numan Turle (Twitter) - Remote Code Execution (RCE)
Siddhesh Joshi (LinkedIn) - Remote Code Execution (RCE)
Shuvam Adhikari (Twitter / Facebook) - Path traversal
Deniz Parlak (Twitter / Blog) - Security misconfiguration
Rıza Sabuncu (Twitter / rizasabuncu.com) - Path traversal, SQL injection, Cross-site scripting (XSS), Server-side request forgery (SSRF)
CeCu (Twitter: @ceyhunulas / ceyhunulas.com ) - Information Disclosure
Praveen Kumar (Twitter: @Krack71214288 ) - Data manipulation
Burak Tahtacı (Twitter: @btahtaci / buraktahtaci.com ) - Path traversal
Mustafa Sanlı (exhandler) (LinkedIn) - Information Disclosure, Open Redirect
spookhorror - Link to an Expired Domain, Unsecured communication, Information Disclosure, Subdomain takeover, Clickjacking, Missing rate limit, other
Mohammed Amine El Attar (@ElAtt4r) - Cross-site scripting (XSS)
Abhith Damodaran - Cross-site scripting (XSS)
Nam Ha Bach (LinkedIn) - Cross-site scripting (XSS)
Aniket Akhade - Clickjacking
Tom Samson - Remote Code Execution (RCE)
Muhammet Gedik (LinkedIn / Twitter: @h4ck2s3c) - SQL injection, Cross-site scripting (XSS)
Ali Ezdemir - Cross-site scripting (XSS)
Mehmet Kelepçe (Twitter @doskey_history) - Cross-site scripting (XSS)
Muhammad Danial (Twitter) - Information Disclosure
Gaurav Dalal (webcipher101)(LinkedIn) - Information Disclosure
Vu Van Tien (@n0_Be3r) from IT Security of Techcombank - Information Disclosure
Jan Patrovský - honzapat - Broken Access Control
Oguzhan Karaman - (LinkedIn) - Information Disclosure
Jayesh Madnani - Information Disclosure
Martin Choma - (LinkedIn) - Information Disclosure
Jiří Stůj - (LinkedIn) - Rate limit bypass
Amin Dadashi - (Twitter) - Cross-site scripting (XSS)
Mojtaba Hosseini - (Twitter) - Cross-site scripting (XSS)
Inderjeet Singh - (Twitter / Rashahack) - Information Disclosure
Corrie Sloot - (CyberFortress Security) - Subdomain takeover
Yousef Mohamed Elsaid - (LinkedIn) - Broken Access Control
Ilker Durmuş - (LinkedIn) - Open Redirect
Vishal Vishwakarma - (LinkedIn) - Information Disclosure
thebee0x (Twitter) - Broken Access Control
Naveen Kumawat (nvk0x) - (LinkedIn) - Other
Akrachli Yassine - (LinkedIn) - Information Disclosure
Adrian Tirado Garcia - (LinkedIn) - Information Disclosure, HTTP header
Mohamed Ibrahim - (Twitter) - SQL injection
Léon Meizou (4sterix) - (LinkedIn) - Information Disclosure, File Upload
Syed Muhammad Khizar Hussain - (LinkedIn) - Broken Access Control
Abdelrahman Ibrahim Farg - (LinkedIn) - Information Disclosure
Navreet - (LinkedIn) - Information Disclosure
Keyur Maheta - (LinkedIn) - FTP Anonymous Login
Huseyin Burak Imdat - (LinkedIn) - Cross-site scripting (XSS)
Jan Polišenský - (X) - Cross-site scripting (XSS)
Dhruvi Pandya - (LinkedIn) - Information Disclosure
Huzaifa Shaikh - (LinkedIn) - Subdomain takeover
Jakub Marczak (jaccobdev) - Information Disclosure