Na této stránce pravidelně aktualizujeme seznam našich hrdinů - lovců, kteří se aktivně zapojili do programu Bug Bounty.
- D. Straka – SQL injection
- Michal Špaček (@spazef0rze) – Cross-site request forgery (CSRF), Cross-site scripting (XSS), SQL injection
- Milan "Hodza" Kozák – SQL injection, Information Disclosure
- Ondřej Žára – Cross-site scripting (XSS)
- Kamil Vávra – Cross-site request forgery (CSRF), Unexpected log report
- Tomáš Hudáč – Cross-site scripting (XSS)
- Jaromír Hamala – Unauthorized access to server administration interface
- Martin Hartl – Cross-site scripting (XSS), Open Redirect
- Jaroslav Martínek – Information Disclosure
- Ayoub Fathi – Cross-site scripting (XSS)
- Tom – Information Disclosure
- @securehack z HACKTRACK security – Multiple Cross-site scripting (XSS), Blind SQL injection, Information disclosure, Redirect / XSS attack
- Marek Malcovský – Cross-site scripting (XSS), Remote code execution, Open Redirect
- Tonda Hýža – Cross-site scripting (XSS), Information Disclosure
- Martin Doupovec – Information Disclosure
- Michal Smrčka – Cross-site scripting (XSS)
- martanc – Information Disclosure
- Ayoub Ait Elmokhtar – Information Disclosure, Remote code execution
- SOOM.cz – SQL injection, Information Disclosure, Cross-site scripting (XSS)
- Murat Yilmazlar – @muratyilmazlarr - Cross-site scripting (XSS)
- Hamit Abis – Open Redirect
- Vahagn (vah13) Vardanyan – Information Disclosure
- Marek Křivan – Cross-site scripting (XSS)
- Eusebiu Blindu – Cross-site scripting (XSS)
- MEHMET NURCAN (fb/mehsul) – Cross-site scripting (XSS)
- Milan A Solanki (Mashack) – Cross-site request forgery (CSRF)
- Pavel Schön – Cross-site scripting (XSS)
- Ondřej Smrž – Cross-site scripting (XSS)
- Petr Kletečka (petr.kle.cz) – Cross-site scripting (XSS), SSLStripProxy
- MAZLUM BOZAN – Cross-site scripting (XSS)
- Eusebiu Blindu (http://www.testalways.com/) – Information Disclosure
- Harsha Vardhan (@hvboppana) – Cross-site scripting (XSS)
- Matěj Polák – Cross-site scripting (XSS)
- Milan Rossa – Cross-site scripting (XSS), Open Redirect, Unauthorized Access
- Michal Smolka – Cross-site scripting (XSS), Cross-site request forgery (CSRF), Information Disclousure
- Josef Krajkář – Clickjacking
- Ali Burak Aydın – Mesut Uçar - Cross-site scripting (XSS)
- Tcaciuc Bogdan Vasile – Information Disclosure, Cross-site scripting (XSS)
- Richard Strnad – Open Redirect
- Milan Kyselica – Clickjacking
- Shubham Maheshwari – Clickjacking
- Zekvan Arslan – Cross-site scripting (XSS), Open Redirect
- Ismail Taşdelen (LinkedIn/Twitter) – SQL Injection, Cross-site request forgery (CSRF), ClickJacking, Multiple Cross-site scripting (XSS), Information Disclosure, Missing rate limit, Security misconfiguration, Broken Authentication, Microsoft IIS tilde directory enumeration
- Berk Dusunur @berkdusunur – Cross-site scripting (XSS), Open Redirect, Information Disclosure, CRLF Injection, SQL Injection
- Simge Gungor – Cross-site scripting (XSS)
- Ahmet Gurel – Cross-site scripting (XSS), SQL Injection, Remote Code Execution (RCE)
- Yunus YILMAZ (ynsy) – Open Redirect
- PwnSquad aka WeedSquad – Information Disclosure
- MUHAMMED SADETTİN KARATAŞ (LinkedIn) – Information Disclosure, Clickjacking, Cross-site scripting (XSS), Open Redirect
- Ankur Pandey – SQL injection
- Muhammed Enes GÖK – Clickjacking
- Felipe "Renzi" Gabriel - Denial of Service (DoS)
- Peter Stasko - Clickjacking
- Furkan YILANCI - ClickJacking, Reflected cross-site scripting
- Kerem Tamcı - SQL injection
- Virendra Tiwari - HTTP header
- Ben Chinoy - Privilege escalation for server, Unsecured communication, Default login, Cross-site scripting, other
- Abhishek Karle (@AbhishekKarle3) - Improper Session Management
- lacroute serge (LinkedIn) - Cross-site scripting (XSS)
- R Atik Islam - Improper Session Management
- Mustafa Kemal Can (muskecan) - Information Disclosure
- René Kroka - Cross-site scripting (XSS)
- Anusha Deekonda - Cross-site scripting (XSS), Open Redirect
- Shashank Singh Rathore (!nj3c+0R) - Cross-site scripting (XSS)
- Rahad Chowdhury - Cross-site scripting (XSS)
- Tomáš Polešovský (@topolik) - Cross-site scripting (XSS), Remote Code Execution (RCE)
- Ritik Chaddha(pwn_box) Twitter - Information Disclosure
- Piotr Karolak - Default login
- Sijisu (sijisu.eu) - Open Redirect, Cross-site scripting (XSS)
- Ataberk Yavuzer (0xsaiyajin.github.io) - SQL Injection, Cross-site scripting (XSS), Remote Code Execution (RCE)
- Battal Faik Aktaş (Twitter) - SQL injection, Cross-site Scripting, Cross-site scripting (XSS), Host Header Injection
- Berat Gokberk ISLER (Linkedin) - SQL injection, Cross-Site Scripting (XSS)
- Samet Emiroğlu (Twitter) - Cross-Site Scripting (XSS)
- Pritam Mukherjee (Linkedin) - Unsecured communication
- Emre Durmaz (Linkedin) - Cross-site scripting (XSS)
- Nuri Yavuz (Linkedin) - Cross-site scripting (XSS)
- Burak Ünal (@ _d4rkbrain)- Information Disclosure
- B.Dhiyaneshwaran - Information Disclosure (Stack Trace Error)
- Berk İmran (Berkimran.com.tr/Linkedin) - Information Disclosure
- Yash Anand (Linkedin) - Information Disclosure
- Santhosh Kumar (Twitter/Linkedin) - Information Disclosure
- @mnykmct - Information Disclosure, Privilege escalation for server/application
- Shivang Trivedi (LinkedIn) - Information Disclosure (XSS)
- B.Dhiyaneshwaran - Information Disclosure (Configuration files, API keys)
- Prakash Kumar (LinkedIn) - Unsecured communication
- surg4bij4k - SQL injection, Information Disclosure, Cross-site scripting (XSS)
- grunge (Twitter) - SQL injection
- pranav bhandari (LinkedIn) - Privilege Escalation
- Virus (Twitter) - Editace a čtení dat jiných uživatelů
- Evangelos Mitakidis @mrpentest (LinkedIn) - Information Disclosure
- marwa khalfaoui (LinkedIn) - Privilege Escalation, Information Disclosure
- Alisha Sheikh (LinkedIn) - Information Disclosure
- Baburao Kittur (Twitter/LinkedIn) - Privilege escalation for server/application
- Evangelos Mitakidis (mitakidis@gmail.com) - Information Disclosure
- Mohammed Magdi Shafig Ahmed (Facebook/Twitter) - HTTP header, Information Disclosure
- Emad Shanab (Twitter) - Path traversal, Information Disclosure, Privilege escalation for server/application
- serji lacroute (Twitter) - Other
- Suraj Bhosale (Twitter) - Information Disclosure
- Hüseyin ALTUNKAYNAK (Twitter) - Cross-site scripting (XSS), SQL injection
- Shrimant Subhash More (Twitter/LinkedIn) - Information Disclosure
- Mehmet Can GÜNEŞ (Twitter) - Information Disclosure, Possible DoS Attack
- Quang Vu Dinh (Twitter) - Data manipulation
- Jonáš Hanulík - Cross-site scripting (XSS)
- Srikar V (Exp1o1t9r/LinkedIn) - Data manipulation, Information Disclosure, Data tampering
- Yunus AYDIN (Twitter) - Possible DoS Attack, Information Disclosure
- Rachit Verma @b43kd00r (LinkedIn) - Information Disclosure
- shailesh kumavat (hackerone.com/0x240x23elu/Twitter) - Data manipulation, Information Disclosure
- Arpit Borawake (Twitter) - Information Disclosure
- Ai Ho (j3ssie) - Information Disclosure
- Philippe Delteil @philippedelteil - Information Disclosure
- Paul Seekamp (LinkedIn) - Information Disclosure
- Mayur Kishor Baviskar (LinkedIn/GitHub) - Information Disclosure
- Abdullah Zafar (LinkedIn) - Data manipulation
- Gaurang Maheta (LinkedIn/LinkedIn/Twitter) - Data manipulation, Information Disclosure
- Alwoares Naeem (Twitter) - Information Disclosure
- Mohamed Elbadry (Twitter) - Information Disclosure
- Muhammad Sadikul Islam @0xadik - Information Disclosure
- Golam Faruk Ovi (Twitter) - Information Disclosure
- mert tasci (mert.ninja/Twitter) - Information Disclosure
- Jai Kumar B (LinkedIn) - Data manipulation
- Abison Binoy (Twitter) - Data manipulation
- Ilyas ORAK (LinkedIn) - SQL injection
- K Mohammed Danish faraz (LinkedIn/Twitter) - Open Redirect
- Ibrahim Saud M (LinkedIn/Twitter) - Open Redirect
- Sachhit Anasane - Cross-site scripting (XSS), iframe injection
- D. Jaya Shankar (Twitter) - Data manipulation
- Thierno DIOP @g33kdiop - Information Disclosure
- J75 - Information Disclosure
- Daniel Bechenea (LinkedIn) - Information Disclosure
- Ignit3d (LinkedIn) - Cross-site scripting (XSS), HTTP header
- Kinshuk Kumar (LinkedIn) - Security Misconfiguration
- Mohsin Khan (Twitter) - Information Disclosure
- Ravi Kishor (Twitter) - Information Disclosure
- Harinder Singh - S1N6H (LinkedIn) - Information Disclosure, Broken Authentication, HTTP header, Clickjacking
- Hemant Patidar (LinkedIn) - Information Disclosure
- Mayur Parmar th3cyb3rc0p (LinkedIn) - Information Disclosure
- sekharlee (Twitter / LinkedIn) - Information Disclosure
- Shubham Garg (LinkedIn) - Information Disclosure
- Ajaysen R (LinkedIn) - Information Disclosure
- Foysal Ahmed Fahim (Twitter) - Information Disclosure
- ISHAN VYAS (Twitter) - Data manipulation, Broken Authentication
- Smaran Chand (smaranchand.com.np) - Data manipulation
- Daniel Blindu (Twitter) - Data manipulation, Information Disclosure, Cross-site scripting (XSS)
- Shoeb Shaikh (LinkedIn) - Information Disclosure
- Mateusz Kowalczyk (LinkedIn) - Information Disclosure
- Foysal Ahmed Fahim- Data manipulation, Information Disclosure
- Mustafa Can IPEKCI @mcipekci - Cross-site scripting (XSS)
- Pranav Prakash Yadav (LinkedIn) - Information Disclosure
- Moataz Reda (Twitter / Facebook) - Data manipulation
- Abhijeet Sarkar (Twitter / Facebook) - Data manipulation
- Chirag Artani (Twitter / Chirag Artani) - Data manipulation
- Walid Hossain (Twitter) - Data manipulation
- Tomáš Rydlo - Application logic flaw
- Numan Rajkotiya (Twitter) - Data manipulation
- MelarDev (Twitter) - Server-side request forgery (SSRF)
- Süleyman ERGEN @hatsat32 (Twitter) - Data manipulation
- Kamran (LinkedIn) - Clickjacking
- Pipupipu - Broken Access Control
- Steven Hampton (Twitter) - Clickjacking
- Onur ER (Twitter / LinkedIn / www.onurer.net) - Broken Authentication
- Michal Vašíček (@mchlvsck - Twitter) - Information Disclosure
- Omar ElSayed (Facebook) - Data manipulation
- Numan Turle (Twitter) - Remote Code Execution (RCE)
- Siddhesh Joshi (LinkedIn) - Remote Code Execution (RCE)
- Shuvam Adhikari (Twitter / Facebook) - Path traversal
- Deniz Parlak (Twitter / Blog) - Security misconfiguration
- Rıza Sabuncu (Twitter / rizasabuncu.com) - Path traversal, SQL injection, Cross-site scripting (XSS), Server-side request forgery (SSRF)
- CeCu (Twitter: @ceyhunulas / ceyhunulas.com ) - Information Disclosure
- Praveen Kumar (Twitter: @Krack71214288 ) - Data manipulation
- Burak Tahtacı (Twitter: @btahtaci / buraktahtaci.com ) - Path traversal
- Mustafa Sanlı (exhandler) (LinkedIn) - Information Disclosure, Open Redirect
- spookhorror - Link to an Expired Domain, Unsecured communication, Information Disclosure, Subdomain takeover, Clickjacking, Missing rate limit, other
- Mohammed Amine El Attar (@ElAtt4r) - Cross-site scripting (XSS)
- Abhith Damodaran - Cross-site scripting (XSS)
- Nam Ha Bach (LinkedIn) - Cross-site scripting (XSS)
- Aniket Akhade - Clickjacking
- Tom Samson - Remote Code Execution (RCE)
- Muhammet Gedik (LinkedIn / Twitter: @h4ck2s3c) - SQL injection, Cross-site scripting (XSS)
- Ali Ezdemir - Cross-site scripting (XSS)
- Mehmet Kelepçe (Twitter @doskey_history) - Cross-site scripting (XSS)
- Muhammad Danial (Twitter) - Information Disclosure
- Gaurav Dalal (webcipher101)(LinkedIn) - Information Disclosure
- Vu Van Tien (@n0_Be3r) from IT Security of Techcombank - Information Disclosure
- Jan Patrovský - honzapat - Broken Access Control
- Oguzhan Karaman - (LinkedIn) - Information Disclosure
- Jayesh Madnani - Information Disclosure
- Martin Choma - (LinkedIn) - Information Disclosure
- Jiří Stůj - (LinkedIn) - Rate limit bypass
- Amin Dadashi - (Twitter) - Cross-site scripting (XSS)
- Mojtaba Hosseini - (Twitter) - Cross-site scripting (XSS)
- Inderjeet Singh - (Twitter / Rashahack) - Information Disclosure
- Corrie Sloot - (CyberFortress Security) - Subdomain takeover
- Yousef Mohamed Elsaid - (LinkedIn) - Broken Access Control
- Ilker Durmuş - (LinkedIn) - Open Redirect
- Vishal Vishwakarma - (LinkedIn) - Information Disclosure
- thebee0x (Twitter) - Broken Access Control
- Naveen Kumawat (nvk0x) - (LinkedIn) - Other
- Akrachli Yassine - (LinkedIn) - Information Disclosure
- Adrian Tirado Garcia - (LinkedIn) - Information Disclosure, HTTP header
- Mohamed Ibrahim - (Twitter) - SQL injection
- Léon Meizou (4sterix) - (LinkedIn) - Information Disclosure, File Upload
- Syed Muhammad Khizar Hussain - (LinkedIn) - Broken Access Control
- Abdelrahman Ibrahim Farg - (LinkedIn) - Information Disclosure
- Navreet - (LinkedIn) - Information Disclosure
- Keyur Maheta - (LinkedIn) - FTP Anonymous Login
- Huseyin Burak Imdat - (LinkedIn) - Cross-site scripting (XSS)
- Jan Polišenský - (X) - Cross-site scripting (XSS)