Zeď slávy (Hall of Fame)

Na této stránce pravidelně aktualizujeme seznam našich hrdinů - lovců, kteří se aktivně zapojili do programu Bug Bounty.

  • D. Straka – SQL injection
  • Michal Špaček (@spazef0rze) – Cross-site request forgery (CSRF), Cross-site scripting (XSS), SQL injection
  • Milan "Hodza" Kozák – SQL injection, Information Disclosure
  • Ondřej Žára – Cross-site scripting (XSS)
  • Kamil Vávra – Cross-site request forgery (CSRF), Unexpected log report
  • Tomáš Hudáč – Cross-site scripting (XSS)
  • Jaromír Hamala – Unauthorized access to server administration interface
  • Martin Hartl – Cross-site scripting (XSS), Open Redirect
  • Jaroslav Martínek – Information Disclosure
  • Ayoub Fathi – Cross-site scripting (XSS)
  • Tom – Information Disclosure
  • @securehack z HACKTRACK security – Multiple Cross-site scripting (XSS), Blind SQL injection, Information disclosure, Redirect / XSS attack
  • Marek Malcovský – Cross-site scripting (XSS), Remote code execution, Open Redirect
  • Tonda Hýža – Cross-site scripting (XSS), Information Disclosure
  • Martin Doupovec – Information Disclosure
  • Michal Smrčka – Cross-site scripting (XSS)
  • martanc – Information Disclosure
  • Ayoub Ait Elmokhtar – Information Disclosure, Remote code execution
  • SOOM.cz – SQL injection, Information Disclosure, Cross-site scripting (XSS)
  • Murat Yilmazlar – @muratyilmazlarr - Cross-site scripting (XSS)
  • Hamit Abis – Open Redirect
  • Vahagn (vah13) Vardanyan – Information Disclosure
  • Marek Křivan – Cross-site scripting (XSS)
  • Eusebiu Blindu – Cross-site scripting (XSS)
  • MEHMET NURCAN (fb/mehsul) – Cross-site scripting (XSS)
  • Milan A Solanki (Mashack) – Cross-site request forgery (CSRF)
  • Pavel Schön – Cross-site scripting (XSS)
  • Ondřej Smrž – Cross-site scripting (XSS)
  • Petr Kletečka (petr.kle.cz) – Cross-site scripting (XSS), SSLStripProxy
  • MAZLUM BOZAN – Cross-site scripting (XSS)
  • Eusebiu Blindu (http://www.testalways.com/) – Information Disclosure
  • Harsha Vardhan (@hvboppana) – Cross-site scripting (XSS)
  • Matěj Polák – Cross-site scripting (XSS)
  • Milan Rossa – Cross-site scripting (XSS), Open Redirect, Unauthorized Access
  • Michal Smolka – Cross-site scripting (XSS), Cross-site request forgery (CSRF), Information Disclousure
  • Josef Krajkář – Clickjacking
  • Ali Burak Aydın – Mesut Uçar - Cross-site scripting (XSS)
  • Tcaciuc Bogdan Vasile – Information Disclosure, Cross-site scripting (XSS)
  • Richard Strnad – Open Redirect
  • Milan Kyselica – Clickjacking
  • Shubham Maheshwari – Clickjacking
  • Zekvan Arslan – Cross-site scripting (XSS), Open Redirect
  • Ismail Taşdelen (LinkedIn/Twitter) – SQL Injection, Cross-site request forgery (CSRF), ClickJacking, Multiple Cross-site scripting (XSS), Information Disclosure, Missing rate limit, Security misconfiguration, Broken Authentication, Microsoft IIS tilde directory enumeration
  • Berk Dusunur @berkdusunur – Cross-site scripting (XSS), Open Redirect, Information Disclosure, CRLF Injection, SQL Injection
  • Simge Gungor – Cross-site scripting (XSS)
  • Ahmet Gurel – Cross-site scripting (XSS), SQL Injection, Remote Code Execution (RCE)
  • Yunus YILMAZ (ynsy) – Open Redirect
  • PwnSquad aka WeedSquad – Information Disclosure
  • MUHAMMED SADETTİN KARATAŞ (LinkedIn) – Information Disclosure, Clickjacking, Cross-site scripting (XSS), Open Redirect
  • Ankur Pandey – SQL injection
  • Muhammed Enes GÖK – Clickjacking
  • Felipe "Renzi" Gabriel - Denial of Service (DoS)
  • Peter Stasko - Clickjacking
  • Furkan YILANCI - ClickJacking, Reflected cross-site scripting
  • Kerem Tamcı - SQL injection
  • Virendra Tiwari - HTTP header
  • Ben Chinoy - Privilege escalation for server, Unsecured communication, Default login, Cross-site scripting, other
  • Abhishek Karle (@AbhishekKarle3) - Improper Session Management
  • lacroute serge (LinkedIn) - Cross-site scripting (XSS)
  • R Atik Islam - Improper Session Management
  • Mustafa Kemal Can (muskecan) - Information Disclosure
  • René Kroka - Cross-site scripting (XSS)
  • Anusha Deekonda - Cross-site scripting (XSS), Open Redirect
  • Shashank Singh Rathore (!nj3c+0R) - Cross-site scripting (XSS)
  • Rahad Chowdhury - Cross-site scripting (XSS)
  • Tomáš Polešovský (@topolik) - Cross-site scripting (XSS), Remote Code Execution (RCE)
  • Ritik Chaddha(pwn_box) Twitter - Information Disclosure
  • Piotr Karolak - Default login
  • Sijisu (sijisu.eu) - Open Redirect, Cross-site scripting (XSS)
  • Ataberk Yavuzer (0xsaiyajin.github.io) - SQL Injection, Cross-site scripting (XSS), Remote Code Execution (RCE)
  • Battal Faik Aktaş (Twitter) - SQL injection, Cross-site Scripting, Cross-site scripting (XSS), Host Header Injection
  • Berat Gokberk ISLER (Linkedin) - SQL injection, Cross-Site Scripting (XSS)
  • Samet Emiroğlu (Twitter) - Cross-Site Scripting (XSS)
  • Pritam Mukherjee (Linkedin) - Unsecured communication
  • Emre Durmaz (Linkedin) - Cross-site scripting (XSS)
  • Nuri Yavuz (Linkedin) - Cross-site scripting (XSS)
  • Burak Ünal (@ _d4rkbrain)- Information Disclosure
  • B.Dhiyaneshwaran - Information Disclosure (Stack Trace Error)
  • Berk İmran (Berkimran.com.tr/Linkedin) - Information Disclosure
  • Yash Anand (Linkedin) - Information Disclosure
  • Santhosh Kumar (Twitter/Linkedin) - Information Disclosure
  • @mnykmct - Information Disclosure, Privilege escalation for server/application
  • Shivang Trivedi (LinkedIn) - Information Disclosure (XSS)
  • B.Dhiyaneshwaran - Information Disclosure (Configuration files, API keys)
  • Prakash Kumar (LinkedIn) - Unsecured communication
  • surg4bij4k - SQL injection, Information Disclosure, Cross-site scripting (XSS)
  • grunge (Twitter) - SQL injection
  • pranav bhandari (LinkedIn) - Privilege Escalation
  • Virus (Twitter) - Editace a čtení dat jiných uživatelů
  • Evangelos Mitakidis @mrpentest (LinkedIn) - Information Disclosure
  • marwa khalfaoui (LinkedIn) - Privilege Escalation, Information Disclosure
  • Alisha Sheikh (LinkedIn) - Information Disclosure
  • Baburao Kittur (Twitter/LinkedIn) - Privilege escalation for server/application
  • Evangelos Mitakidis (mitakidis@gmail.com) - Information Disclosure
  • Mohammed Magdi Shafig Ahmed (Facebook/Twitter) - HTTP header, Information Disclosure
  • Emad Shanab (Twitter) - Path traversal, Information Disclosure, Privilege escalation for server/application
  • serji lacroute (Twitter) - Other
  • Suraj Bhosale (Twitter) - Information Disclosure
  • Hüseyin ALTUNKAYNAK (Twitter) - Cross-site scripting (XSS), SQL injection
  • Shrimant Subhash More (Twitter/LinkedIn) - Information Disclosure
  • Mehmet Can GÜNEŞ (Twitter) - Information Disclosure, Possible DoS Attack
  • Quang Vu Dinh (Twitter) - Data manipulation
  • Jonáš Hanulík - Cross-site scripting (XSS)
  • Srikar V (Exp1o1t9r/LinkedIn) - Data manipulation, Information Disclosure, Data tampering
  • Yunus AYDIN (Twitter) - Possible DoS Attack, Information Disclosure
  • Rachit Verma @b43kd00r (LinkedIn) - Information Disclosure
  • shailesh kumavat (hackerone.com/0x240x23elu/Twitter) - Data manipulation, Information Disclosure
  • Arpit Borawake (Twitter) - Information Disclosure
  • Ai Ho (j3ssie) - Information Disclosure
  • Philippe Delteil @philippedelteil - Information Disclosure
  • Paul Seekamp (LinkedIn) - Information Disclosure
  • Mayur Kishor Baviskar (LinkedIn/GitHub) - Information Disclosure
  • Abdullah Zafar (LinkedIn) - Data manipulation
  • Gaurang Maheta (LinkedIn/LinkedIn/Twitter) - Data manipulation, Information Disclosure
  • Alwoares Naeem (Twitter) - Information Disclosure
  • Mohamed Elbadry (Twitter) - Information Disclosure
  • Muhammad Sadikul Islam @0xadik - Information Disclosure
  • Golam Faruk Ovi (Twitter) - Information Disclosure
  • mert tasci (mert.ninja/Twitter) - Information Disclosure
  • Jai Kumar B (LinkedIn) - Data manipulation
  • Abison Binoy (Twitter) - Data manipulation
  • Ilyas ORAK (LinkedIn) - SQL injection
  • K Mohammed Danish faraz (LinkedIn/Twitter) - Open Redirect
  • Ibrahim Saud M (LinkedIn/Twitter) - Open Redirect
  • Sachhit Anasane - Cross-site scripting (XSS), iframe injection
  • D. Jaya Shankar (Twitter) - Data manipulation
  • Thierno DIOP @g33kdiop - Information Disclosure
  • J75 - Information Disclosure
  • Daniel Bechenea (LinkedIn) - Information Disclosure
  • Ignit3d (LinkedIn) - Cross-site scripting (XSS), HTTP header
  • Kinshuk Kumar (LinkedIn) - Security Misconfiguration
  • Mohsin Khan (Twitter) - Information Disclosure
  • Ravi Kishor (Twitter) - Information Disclosure
  • Harinder Singh - S1N6H (LinkedIn) - Information Disclosure, Broken Authentication, HTTP header, Clickjacking
  • Hemant Patidar (LinkedIn) - Information Disclosure
  • Mayur Parmar th3cyb3rc0p (LinkedIn) - Information Disclosure
  • sekharlee (Twitter / LinkedIn) - Information Disclosure
  • Shubham Garg (LinkedIn) - Information Disclosure
  • Ajaysen R (LinkedIn) - Information Disclosure
  • Foysal Ahmed Fahim (Twitter) - Information Disclosure
  • ISHAN VYAS (Twitter) - Data manipulation, Broken Authentication
  • Smaran Chand (smaranchand.com.np) - Data manipulation
  • Daniel Blindu (Twitter) - Data manipulation, Information Disclosure, Cross-site scripting (XSS)
  • Shoeb Shaikh (LinkedIn) - Information Disclosure
  • Mateusz Kowalczyk (LinkedIn) - Information Disclosure
  • Foysal Ahmed Fahim- Data manipulation, Information Disclosure
  • Mustafa Can IPEKCI @mcipekci - Cross-site scripting (XSS)
  • Pranav Prakash Yadav (LinkedIn) - Information Disclosure
  • Moataz Reda (Twitter / Facebook) - Data manipulation
  • Abhijeet Sarkar (Twitter / Facebook) - Data manipulation
  • Chirag Artani (Twitter / Chirag Artani) - Data manipulation
  • Walid Hossain (Twitter) - Data manipulation
  • Tomáš Rydlo - Application logic flaw
  • Numan Rajkotiya (Twitter) - Data manipulation
  • MelarDev (Twitter) - Server-side request forgery (SSRF)
  • Süleyman ERGEN @hatsat32 (Twitter) - Data manipulation
  • Kamran (LinkedIn) - Clickjacking
  • Pipupipu - Broken Access Control
  • Steven Hampton (Twitter) - Clickjacking
  • Onur ER (Twitter / LinkedIn / www.onurer.net) - Broken Authentication
  • Michal Vašíček (@mchlvsck - Twitter) - Information Disclosure
  • Omar ElSayed (Facebook) - Data manipulation
  • Numan Turle (Twitter) - Remote Code Execution (RCE)
  • Siddhesh Joshi (LinkedIn) - Remote Code Execution (RCE)
  • Shuvam Adhikari (Twitter / Facebook) - Path traversal
  • Deniz Parlak (Twitter / Blog) - Security misconfiguration
  • Rıza Sabuncu (Twitter / rizasabuncu.com) - Path traversal, SQL injection, Cross-site scripting (XSS), Server-side request forgery (SSRF)
  • CeCu (Twitter: @ceyhunulas / ceyhunulas.com ) - Information Disclosure
  • Praveen Kumar (Twitter: @Krack71214288 ) - Data manipulation
  • Burak Tahtacı (Twitter: @btahtaci / buraktahtaci.com ) - Path traversal
  • Mustafa Sanlı (exhandler) (LinkedIn) - Information Disclosure, Open Redirect
  • spookhorror - Link to an Expired Domain, Unsecured communication, Information Disclosure, Subdomain takeover, Clickjacking, Missing rate limit, other
  • Mohammed Amine El Attar (@ElAtt4r) - Cross-site scripting (XSS)
  • Abhith Damodaran - Cross-site scripting (XSS)
  • Nam Ha Bach (LinkedIn) - Cross-site scripting (XSS)
  • Aniket Akhade - Clickjacking
  • Tom Samson - Remote Code Execution (RCE)
  • Muhammet Gedik (LinkedIn / Twitter: @h4ck2s3c) - SQL injection, Cross-site scripting (XSS)
  • Ali Ezdemir - Cross-site scripting (XSS)
  • Mehmet Kelepçe (Twitter @doskey_history) - Cross-site scripting (XSS)
  • Muhammad Danial (Twitter) - Information Disclosure
  • Gaurav Dalal (webcipher101)(LinkedIn) - Information Disclosure
  • Vu Van Tien (@n0_Be3r) from IT Security of Techcombank - Information Disclosure
  • Jan Patrovský - honzapat - Broken Access Control
  • Oguzhan Karaman - (LinkedIn) - Information Disclosure
  • Jayesh Madnani - Information Disclosure
  • Martin Choma - (LinkedIn) - Information Disclosure
  • Jiří Stůj - (LinkedIn) - Rate limit bypass
  • Amin Dadashi - (Twitter) - Cross-site scripting (XSS)
  • Mojtaba Hosseini - (Twitter) - Cross-site scripting (XSS)
  • Inderjeet Singh - (Twitter / Rashahack) - Information Disclosure
  • Corrie Sloot - (CyberFortress Security) - Subdomain takeover
  • Yousef Mohamed Elsaid - (LinkedIn) - Broken Access Control
  • Ilker Durmuş - (LinkedIn) - Open Redirect
  • Vishal Vishwakarma - (LinkedIn) - Information Disclosure
  • thebee0x (Twitter) - Broken Access Control
  • Naveen Kumawat (nvk0x) - (LinkedIn) - Other
  • Akrachli Yassine - (LinkedIn) - Information Disclosure
  • Adrian Tirado Garcia - (LinkedIn) - Information Disclosure, HTTP header
  • Mohamed Ibrahim - (Twitter) - SQL injection
  • Léon Meizou (4sterix) - (LinkedIn) - Information Disclosure, File Upload
  • Syed Muhammad Khizar Hussain - (LinkedIn) - Broken Access Control
  • Abdelrahman Ibrahim Farg - (LinkedIn) - Information Disclosure
  • Navreet - (LinkedIn) - Information Disclosure
  • Keyur Maheta - (LinkedIn) - FTP Anonymous Login
  • Huseyin Burak Imdat - (LinkedIn) - Cross-site scripting (XSS)
  • Jan Polišenský - (X) - Cross-site scripting (XSS)