Company

Acknowledgements

We would like to take this opportunity to thank all the important contributors who provide us with helpful tips and hints that help us make our systems more secure. Our special thanks goes to:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0-9

A

  • Aakash Kumar - facebook.com/Sscript.kiddie: Reported Clickjacking vulnerabilities.
  • Aakash Madaan ( Godsky ) https://www.linkedin.com/in/aakashmadaan13 - Reported Security misconfiguration.
  • Aamir Khan - www.hacking-articles.blogspot.com - www.fb.com/aamir9795734: Reported xss vulnerabilities.
  • Aaron Costello - ie.linkedin.com/in/aaron-costello-226858a7 - Reported Information Disclosure.
  • Aarshit Mittal: Reported XSS vulnerabilities.
  • Aasmant Laxmikant Patil - LinkediIn: https://www.linkedin.com/in/aasmant-laxmikant-patil-01a644203 - Reported Information Disclosure.
  • Aatman Saifi/0x4141 -Twitter: www.twitter.com/jobaa23 - Reported Default login, Possible DoS Attack, Remote Code Execution (RCE), Broken Authentication and Cross-site request forgery (CSRF) vulnerabilities.
  • Abdallah Mahrous  https://www.linkedin.com/in/abdallah-mahrous-09712aa4/  - Reported Missing rate limit.
  • Abdennour Chakifi - https://twitter.com/dazaii111 - Reported Cross-site scripting (XSS).
  • Abdeslam Elyaalaoui linkedin.com/in/abdeslam-elyaalaoui-801592145/ - Reported Cross-site scripting (XSS).
  • Abdiwahab Ahmed Omar - https://www.facebook.com/0x1h3r/ - Reported HTTP header, Reported Information Disclosure.
  • Abdlallah Mohammed- https://twitter.com/1bdool492 - Reported Server-side request forgery (SSRF).
  • Abdul Azeez Alaseeri - linkedin.com/in/0xx777 - Reported Cross-site scripting (XSS).
  • Abdullah Rahmatullah - Twitter: twitter.com/abd_4fg - Reported Cross-site scripting (XSS).
  • Abdulrahman Badawi  - https://twitter.com/zikolasec?t=nx1TAITxMlZ6ykoVZFhNNA&s=09 - Reported Information Disclosure.
  • Abdul Haq Khokhar - https://twitter.com/ Abdulhaqkhokhar: Reported Policy Framework vulnerabilities and Missing SPF.
  • Abdullah Fares Muhanna - https://www.facebook.com/AbedullahFares - Reported outdated and vulnerable software.
  • Abdul Rehman - @facebook.com/shadowcreator: Reported host header vulnerabilities.
  • Abdulelah BinAqeel - Reported XSS (Reflected) vulnerabilities.
  • Abdullah Fares Muhanna - https://www.facebook.com/AbedullahFares - Reported a use of a vulnerable version of software.
  • Abdullah Hussam - @Abdulahhusam: Reported XSS vulnerability.
  • Abdulrahman Kamel https://www.linkedin.com/in/abdulrahman-kamel/- Reported Cross-site scripting (XSS) / Reported Cross-site scripting (XSS) vulnerabilities / Reported Information Disclosure and Unsecured communication.
  • Abdessamad DHASSI - URL: https://www.root-me.org/abdou358, Twitter: https://twitter.com/darlate - Reported XSS vulnerabilities.
  • Abelrhman Adel - twitter.com/k3r1it0 - Gefundene SQL Injection.
  • Abhibandu Kafle - http://nepsecurity.org - @kabhi_kav: Reported Clickjacking vulnerability.
  • Abhijeth Dugginapeddi - http://abhijeth.com: Reported multiple vulnerabilities.
  • Abhinav Karnawat - (\/ w4rri0r \/) - http://www.w4rri0r.com: Reported XSS Vulnerability.
  • Abhinav Porwal https://www.linkedin.com/in/abhinavporwal6 - Reported Clickjacking.
  • Abhishek Bundela - Twitter: twitter.com/abhibundela: Reported self XSS vulnerabilities.
  • Abhishek Maurya - https://in.linkedin.com/in/abhiishsec - Reported Cross-site scripting (XSS).
  • Ace Candelario https://0xspa.de - Reported Cross-site scripting (XSS).
  • Achim Hoffmann - Atropaia GmbH - atropaia.de - Reported Cross-site scripting (XSS).
  • Adam Willard - https://www.linkedin.com/pub/adam-willard/20/575/30b/@aw7684512: Reported HTML manipulation vulnerability.
  • Adam Ziaja - http://adamziaja.com: Reported SSL weakness.
  • ADARSH VS https://twitter.com/adarshvs_ - Reported Data manipulation.
  • Adel Mahmoud - https://www.facebook.com/mohappaaa - Reported XSS (Reflected) vulnerabilities.
  • Adil Faizi - fb.com/adil.faizi.94 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Aditya Dixit - http://fb.com/aditya008 - http://hackthedevil.blogspot.com: Reported DOM based XSS vulnerabilities.
  • Aditya Jadhav - www.securecyberfuture.com - Reported XSS vulnerabilities.
  • Agustín Doménech - https://twitter.com/robotshelld - Reported Information Disclosure.
  • Ahmad Alassaf - https://www.facebook.com/theviperxx/ - Reported Information Disclosure.
  • Ahmad Ashraff - @yappare: Reported path disclosure.
  • Ahmad Halabi (Cyber Ironclad) - hackerone.com/ahmd_halabi - Reported Information Disclosure.
  • Ahmad Qaramany (@qaramany0x01) - twitter.com/qaramany0x01 - Reported Information Disclosure.
  • Ahmed Aaish - https://parallel.solutions - Reported JavaServer Faces vulnerabilities.
  • Ahmed Alsanosi - facebook.com/01alsanosi - twitter.com/ahmed_alsanosi - Reported Unsecured communication.
  • Ahmed Adel Abdelfattah - https://www.facebook.com/00SystemError00/ - Reported XSS vulnerabilities.
  • Ahmed Ehab - https://twitter.com/HeBo117 - Reported Server-side request forgery (SSRF).
  • Ahmed El-Desoky - LinkedIn: www.linkedin.com/in/ahmed-eldesoky-982051227 - Reported Cross-site scripting (XSS) / reported HTTP header vulnerabilities.
  • Ahmed Elsadat - https://bugcrowd.com/GENERAL-SADAT / https://www.facebook.com/mido.gamal.9674 - Reported XSS vulnerabilities.
  • Ahmed Fahim - Reported Information Disclosure.
  • Ahmed Ismail linkedin.com/in/ahmed-ismail-38901168 twitter.com/MrOz1l facebook.com/AhmedOzil10 - Subdomain Takeover / Reported Broken Access Control vulnerabilities.
  • Ahmed Max - https://www.facebook.com/profile.php?id=100004971255687; Twitter: @404NotF39672584- Reported content/text injection.
  • Ahmed Nazmy - Reported Remote Code Execution (RCE).
  • Ahmed Qaramany - https://twitter.com/qaramany0x01, https://www.facebook.com/qaramany0x01 - Reported Information Disclosure.
  • Ahmed Salah Abdalhfaz https://twitter.com/Elsfa7110 - Reported Information Disclosure.
  • Ahmed Shawky @lnxg33k: Meldung von SQL Injection.
  • Ahmed Sherif- https://twitter.com/sherif_ninja - Reported Server-side request forgery (SSRF).
  • Ahmed sultan (0x4148) linked in :https://eg.linkedin.com/in/0x4148 - Reported SQL Injection.
  • Ahmed Usama (vulnera) - https://twitter.com/0xvulnera / facebook.com/0xvulnera - Reported Cross-site request forgery (CSRF).
  • Ahmed Waheed - @ia7m4d0z: Reported XSS vulnerabilities.
  • Ahmed Y. Elmogy - Twitter: mogyhacker - Reported anti-CSRF/XSS vulnerabilities.
  • Ahmet Demirci - https://www.facebook.com/ahmet.demirc.17 and https://m-i-a.cf - Reported XSS (Reflected) vulnerabilities.
  • Ahmet Gurel - twitter.com/ahmettgurell - Reported Cross-site scripting (XSS) / reported SQL injection vulnerabilitie.
  • Ahmet SUNA - linkedin.com/in/ahmet-suna-ab3ba9116 - Reported Information Disclosure, Host header injection, Cross-site scripting (XSS), Open Redirect and Database backup critical Information Disclosure
  • Ahmet Ümit BAYRAM - www.ahmetumitbayram.com - @ahmetumitbayram - Reported XSS (Reflected) vulnerabilities.
  • Ai Ho - https://twitter.com/j3ssiejjj - Reported Information Disclosure.
  • Aishwarya KC https://twitter.com/aiswar_ya - Reported Subdomain takeover.
  • Ajay Anand - www.ctgsecuritysolutions.com: Reported XSS vulnerability.
  • Ajay Singh Negi - @AjaySinghNegi & Prashant Negi - @_prashantnegi & Mahipal Singh Rajpurohit - www.websecresearch.com: Reported Brutforce vulnerabilities.
  • Akalanka Ekanayake - https://twitter.com/ceo_akalanka - Reported Mixed Content Vulnerability.
  • Akash Sarkar - https://twitter.com/0xhunster - Reported Information Disclosure.
  • Akash Saxena - https://m.facebook.com/akash.saxena.9421 - Loophole in registration functionality.
  • Akash Shukla - facebook.com/hybridakash at www.rmar.in: Cookie Disclosure.
  • Akhil Reni - @akhil_reni: Refelcted XSS.
  • Akincibor - https://hackerone.com/akincibor?type=user - Reported Server-side request forgery (SSRF).
  • Alan Roy - https://www.linkedin.com/in/alan-roy-0225a125 https://www.facebook.com/alanroy.thomas.7- Reported Clickjacking.
  • Akshay Ravi(copycat) - https://www.linkedin.com/in/C09YC47 - Reported several Information Disclosure
  • Alexandar Thangavel - https://twitter.com/ValluvarSploit - Reported Other.
  • Alexander Anisimov und Yakov Shmelev (Eun014 Team) - https://twitter.com/rack2009 - Reported security misconfiguration.
  • Alexander Karl – Alexander 'twink0r' Karl – Subdomain Takeover.
  • Alex Birsan - https://twitter.com/alxbrsn - Reported Remote Code Execution (RCE).
  • Alexey Sabadash - www.linkedin.com/in/asabadash - Reported multiple vulnerabilites.
  • Alfido Osdie - https://www.linkedin.com/in/alfido-osdie-857343224/ - Reported.
  • Ali Abdalalh - Twitter: https://www.linkedin.com/in/ali-0x11 - Reported Cross-site scripting (XSS).
  • Ali Hasan Ghauri - alihassanpenetrationtester.blogspot.com - @alihasanghauri: Reported GIT Information Disclosure and XSS Vulnerabilities.
  • Alisha Sheikh - in.linkedin.com/in/alisha-sheikh-96059615a - Reported Security misconfiguration.
  • Al-Khateeb BI N-khalid - fb.com/kkhateebali RMAR Technologies Pvt. Ltd. (www.rmar.in) - Reflected XSS.
  • Alvyn McQuitty - twitter.com/alvynmcq - Reported Server-side request forgery (SSRF).
  • Alwaleed Alfayez - Reported SSRF vulnerability.
  • Aly Khaled (0x41ly) - linkedin.com/in/aly-khal3d - hackerone.com/0x41ly?type=user - bugcrowd.com/0x41ly - twitter.com/Aly_Khal3d - Reported Possible DoS Attack, Reported Open Redirect, Cross-site scripting (XSS), Open Redirect, Broken Access Control / Reported HTTP header.
  • Aman Kumar - https://twitter.com/amykr777 - Reported User Enumeration / Reported Information Disclosure / Reported Cross-site scripting (XSS), Open Redirect, Information Disclosure and Path traversal.
  • Aman Rawat - https://www.linkedin.com/in/theamanrawat/ - Reported Information Disclosure.
  • Amar Shankar & Piyush Malik: Reported XSS vulnerabilities.
  • Amaranath Moger - https://www.linkedin.com/in/amaranath-moger/ - Reported Broken Access Control.
  • Ameer Assadi - @AmeerAssadi, fb.me/Amirh4ck, http://linkedin.com/in/ameerassadi - Reported XSS vulnerabilities.
  • Ameya Andhare - https://www.linkedin.com/in/ameya-andhare-ab839b1a5/ / https://twitter.com/AmeyaAndhare - Reported Clickjacking and Information Disclosure .
  • Amin Achour - www.th-online.ch - Reported XSS vulnerabilities.
  • Amit Sohana - https://www.facebook.com/amit.sohara: Reflected XSS.
  • Amol Bhola - Reported Clickjacking vulnerability.
  • Amr Al Hallak - Reported Cross-site scripting (XSS).
  • Amr Khaled (0x37U) - https://www.facebook.com/Amr.v7 / 
    https://twitter.com/0x37U - Reported Missing rate limit.
  • Anand M - https://twitter.com/anandm47: XSS Vulnerability
  • Anant Mudgal - https://www.varutra.com // Twitter: https://twitter.com/anantmudgal - Reported sensitive information disclosure.
  • Anas Bousselham - Twitter : https://twitter.com/BousselhamAnas / LinkedIn : https://www.linkedin.com/in/anas-bousselham/ - Reported Cross-site scripting (XSS).
  • Anas Laabab - www.linkedin.com/in/anas-laabab/ - Reported an Out-of-Band XXE vulnerability.
  • Anas Mahmood - @CyberTiger https://www.twitter.com/AnasIsHere - Reported Cross Site Scripting vulnerabilities.
  • Andrea Santese - Reported clickjacking vulnerability.
  • Andreas Kurtz - @aykay - http://www.andreas-kurtz.de: Reported vulnerabilities in a Mobile Application.
  • Andr. Ess - Reported Broken Authentication.
  • André Zingsheim: Reported XSS vulnerabilities.
  • Andrei Smolkin: Reported SQL Injection, xss and information disclosure vulnerabilities.
  • Andrey Leonov @4lemon https://twitter.com/4lemon - Reported Remote Code Execution (RCE).
  • Ángel Carballo - https://www.linkedin.com/in/%C3%A1ngel-carballo-82a6a318a/ - Reported Open Redirect.
  • Angkan Chanda ( nightcr4wl3r ) - nightcr4wl3r.blogspot.com – Report of a configuration vulnerability.
  • Aniket Deshmane https://twitter.com/AniketDeshmane9?s=08 - Reported Default login.
  • Aniket Pratap Singh - www.facebook.com/kotarockers/: Reported File Information Disclosure vulnerabilities.
  • Anis Haboubi - https://twitter.com/HaboubiAnis - Reported Information Disclosure.
  • Ankit Bharathan - fb.me/dibbu.bhadav: Reported XSS vulnerability.
  • Ankit Singh - https://www.facebook.com/AnkitCuriosity , LinkedIn: https://www.linkedin.com/in/AnkitSingh1579- Reported Open Redirect & XSS vulnerabilities.
  • Ankit Sood - facebook.com/ankit.sood.501 - Reported Cross-site scripting (XSS).
  • Ankit Yadav - Hack Safe Indore: Reported user credential vulnerabilities.
  • Anil Kumar Behara: Reported XSS vulnerability.
  • Anirudh Kulkarni: Reflected XSS.
  • An Phuoc Trinh - @_tint0 - Reported unauthenticated RCE Injection.
  • An Phuoc Trinh - @_tint0 - Reported five RCE vulnerabilities.
  • Ansh Jain - website : https://sudoark.tk  - Reported Cross-site scripting (XSS) / Reported Server-side request forgery (SSRF) vulnerabilities.
  • Ansh kr jha  - https://www.linkedin.com/in/ansh-kumar-jha-b5188a249 - Reported HTML/CSS injection and Broken Access Control.
  • Anurag Srivastava - http://fb.com/anurag424242 - www.rmar.in<http://www.rmar.in>: Reflected XSS.
  • Anusha Deekonda - twitter.com/KeerthiCrackers - Reported Cross-site scripting (XSS).
  • aqib shah - twitter.com/aqibshah - Reported Stored Cross-site scripting (XSS) and reflected Cross-site scripting (XSS) .
  • Aria Akhavan - https://facebook.com/aria.stefano: Reported xss vulnerabilities.
  • Ariel Rachamim & Omri Inbar - https://www.linkedin.com/in/ariel-rachamim/ - Reported Subdomain takeover.
  • Arjun Singh http://linkedin.com/in/arjun-singh-33924018b - Reported Open Redirect.
  • Arpit Borawake https://linkedin.com/in/rpt - Reported Cross-site scripting (XSS) and Path traversal vulnerabilities / Reported Subdomain takeover vulnerabilities
  • Arpit Kubadia - https://twitter.com/aksquaretech - Reported several Information Disclosure / Reported Cross-site scripting (XSS) / Reported Default login / Reported Server-side request forgery (SSRF) vulnerabilities / Reported Default login.
  • Ariq Ahmad - https://www.facebook.com/near.ardor: Reflected XSS.
  • Arndt Adler: Reported XSS vulnerabilities.
  • Arsiadi Sriyanto - @donrookie: Reported XSS vulnerability.
  • Arun K Mishra - https://twitter.com/arun_2512 -  Reported clickjacking vulnerability.
  • Ashesh Kumar - http://facebook.com/ashesh1708 - Reported XSS vulnerabilities.
  • Ashish Kunwar - @D0rkerDevil - Reported security misconfiguration vulnerability.
  • Ashutosh Nath Rimal (KhukuriRimal) - https://in.linkedin.com/in/ashutosh-nath-rimal-534690137 - Reported Information Disclosure.
  • Ashutosh Singh - facebook.com/ashu.singboy - RMAR Technologies Pvt. Ltd. - www.rmar.in: Reflected XSS.
  • Ashutosh Singh Chauhan - linkedin.com/in/ashutosh-iot - Reported Security misconfiguration.
  • Asif_ack4 - Instagram: https://www.instagram.com/tam_ilcode420 - Reported Missing rate limit.
  • Asif Showkat wani and Muneeb Shah: Reported xss vulnerabilities.
  • Asim Delalic https://www.linkedin.com/in/asimd/- Reported several Information Disclosure.
  • Ataberk Yavuzer- https://0xsaiyajin.github.io/ - Reported XML-RPC vulnerability / WEB/LINKEDIN/TWITTER/FB - Reported Information Disclosure.
  • Aung Myat Thu - twitter.com/xai_yak - Reported XSS vulnerabilities.
  • Avi Chakravarti https://www.linkedin.com/in/avi-chakravarti-276881193/ - Reported Clickjacking.
  • Aviv Yahav - https://www.linkedin.com/in/aviv-yahav-3b87a414b - Reported several vulnerabilities.
  • Avram Marius Gabriel - www.randosmtorm: Reported XSS vulnerabilities.
  • Ayoub Nait Lamine - https://www.facebook.com/profile.php?id=100004407498249e: Reported host header injection and Open Redirect vulnerabilities.
  • Ayoub SAFA - https://www.linkedin.com/in/ayoub-safa-2a443938/ - Reported default credentials
  • Ayush Mangal - https://www.linkedin.com/in/ayush-mangal-48a168110/ - Reported Security misconfiguration / Reported Open Redirect, Reported Missing rate limit.
  • Ayush Shrestha - www.linkedin.com/in/ayushxtha - Reported Cross-site scripting (XSS).
  • Ayush Singh (https://in.scanfactory.io) https://twitter.com/glatisantbeast - Reported Default login.
  • Aytaç Kalıncı - https://www.linkedin.com/in/aytackalincii/ - Reported Cookie Information Disclosure.
  • Ayudya Fitri - https://www.linkedin.com/in/ayudya-f-5b61b6113 - Reported Information Disclosure.

B

  • Babar Khan Akhunzada @babar1337khan - Reported Apache Tomcat/6.0.24.
  • Baburao Kittur - https://twitter.com/bk_cipher / https://in.linkedin.com/in/baburao-kittur - Reported Privilege escalation for server/application.
  • Bagas Prananda - linkedin.com/in/bagasprananda97 - Reported Clickjacking / reported Server-side request forgery (SSRF) vulnerabilities.
  • Bao Bui (@0xd0ff9) - twitter.com/Jok3rDb - Reported Privilege escalation for server/application.
  • Bao Chau - https://www.linkedin.com/in/nhubaochau/ - Reported Open Redirect.
  • Batee5a - hackerone.com/batee5a - Reported Local File Inclusion.
  • Battal Faik Aktaş - twitter.com/BattalFaikAktas - Reported Open Redirect and several Server-side request forgery (SSRF) vulnerabilities / Reported Remote Code Execution (RCE) vulnerabilities / Reported Information Disclosure.
  • B. Caller - WEB/LINKEDIN/TWITTER/FB - Reported Remote Code Execution (RCE).
  • Ben Chinoy - https://www.linkedin.com/in/benchinoy - Reported Broken Access Control.
  • Benjamin Kunz Mejri (Evolution Security GmbH - Vulnerability Laboratory) www.vulnerability-lab.com - twitter.com/vuln_lab - Reported XSS (Stored) vulnerability, SQLi, Exec
  • Bhanu Teja - twitter.com/bh4nut3j4 - Reported Subdomain takeover / Reported Unauthenticated Local File Read / Reported Cross-site scripting (XSS) / Reported User Enumerations / Reported Information Disclosure.
  • BHARAT CHOUDHARY - https://twitter.com/iambharat18 - Reported Information Disclosure and Open Redirect.
  • Bhavesh Naik: Reported XSS vulnerability.
  • Bibek Shah - @noobibek - Reported several Information Disclosure.
  • Bijesh Debbarma: Sqil & Path Disclosure.
  • Bilal Teke - https://luckywiki.org - Reported XSS vulnerabilities.
  • Bill Ben Haim - https://www.linkedin.com/in/bill-ben-haim-b6775a48/ - Reported default credentials.
  • Bipul Jaiswal - https://twitter.com/r3curs1v3_pr0xy. - Reported Information Disclosure.
  • BITCOMSEC - http://bitcomsec.org - http://twitter.com/bitcomsec - Reported Remote Command Execution vulnerability.
  • Björn Peeters: Reported CSRF/XSS vulnerabilities.
  • Björn Peeters: Reported xss vulnerabilities.
  • Bodgan Calin: Reported time based SQL injection.
  • Brijesh Prajapati - https://twitter.com/Sherloc88271414?s=09 - Reported other vulnerabilities.
  • Bryan Galao - Facebook: https://www.facebook.com/xbryan.galao - Reported Clickjacking, content spoofing & Information Disclosure vulnerabilities.
  • bsysop - twitter.com/bsysop - Reported Security misconfiguration. / Reported Information Disclosure.
  • Burak Ünal @_d4rkbrain - twitter.com/_d4rkbrain - Reported Information Disclosure.

C

  • Cale Anderson - Reported Broken Authentication.
  • Can Karacan - https://www.linkedin.com/in/can-karacan-69ba09b8/ - Reported Information Disclosure, Open Mail Relay and Cross-site scripting (XSS) vulnerabilities.
  • Cara Sharma - https://www.facebook.com/SharmaCara - https://twitter.com/Sharma_Cara - Reported Insecure Cross Domain and CSRF vulnerabilities.
  • Carl-Theodor Geilhufe – www.carl.geilhufe.de - Reported information disclosure.
  • Carlos Cardoso - https://websecauditors.com | facebook.com/cmscardoso - Reported misconfigured DNS records.
  • Cernica Ionut Cosmin: Reported Directory Listing vulnerabilties.
  • Charlie Briggs - @Charlie_N_B: Reported XSS vulnerabilities & SQL injection.
  • Chetan  - linkedin.com/in/chetan-00 - Reported Information Disclosure.
  • Chetan Gulhane - http://varutra.com: Reported xss vulnerabilities.
  • Chiheb Chebbi - twitter.com/chihebchebbi201 - Reported Remote Code Execution (RCE) / Reported Security misconfiguration.
  • Chilik Tamir - @_coreDump: Reported IOS App vulnerability.
  • chippa vijay kumar- https://twitter.com/vijay922 - Reported Information Disclosure.
  • Chinmay Barbade - https://www.linkedin.com/in/chinmay-barbade-a36400162/ - Reported Broken Access Control.
  • Chinmohan Nayak - @nayakchinmohan – http://securityonair.blogspot.in/: Reported information disclosure.
  • Chinmoy Mukherjee chinmoy.info - Reported Information Disclosure.
  • Chinmoy Pratim Borah - http://facebook.com/cpb2013: Reported XSS vulnerabilities.
  • Chirag Artani - https://twitter.com/chirag99artani https://3rag.com/chirag-artani - Reported Open Redirect / Reported HTML/CSS injection /Reported Information Disclosure/ reported Cross-site scripting (XSS) vulnerabilities.
  • Chirag Goyal - https://www.facebook.com/goyal.chirag23 - Reported XSS vulnerabilities.
  • Chris Green - @chris_t_green - Reported XSS vulnerabilities.
  • Chris McGowen – http://badcoding.net - @chrismcgowen: Reported DOM-based XSS vulnerability
  • Christian Galeone - https://thefacebook.com/christian.galeone.1: Reported xss vulnerabilities.
  • Christian Lopez Martin - insertco.in: Reported url redirection vulnerabilities.
  • Cristopher Busch - Meldung von Information Disclosure Schwachstellen.
  • Clifford Trigo - twitter: @mrtrizaeron: Reflected XSS.
  • Coastline Cybersecurity - https://coastlinecyber.com, https://x.com/CoastlineCyber - Reported Server-side request forgery (SSRF).
  • Codermak https://twitter.com/arshadkazmi42 - Reported Information Disclosure.
  • Cody R Ward - www.risker.com.au / www.facebook.com/le.pandanator - Reported XSS vulnerabilities.
  • collinsmarra - https://twitter.com/CollinsMarra - Reported Information Disclosure.
  • Coltuneac Alexandru: Reported XSS vulnerabilities.
  • Cotic Madalin - Reported XSS vulnerabilities.
  • Craig Young - Web: https://secur3.us/ Twitter: https://twitter.com/craigtweets - Reported RCE.
  • Cristi Vlad - https://twitter.com/CristiVlad25 - Reported Cross-site scripting (XSS).
  • Cyber Chutiya Attacker (Randi ka pilla): Reported CCS Injection vulnerabilities and privilege escalation for server/application.

D

  • Dan Fabro - https://dnx.zone - Reported Stored XSS, Reflected XSS, Self-XSS, Open Redirect, External SSRF and Clickjacking vulnerabilities..
  • Danijel Maksimovic - @maxon3: Reported URL redirection vulnerability.
  • Daksh Patel - @Dakshxss: Reported Login Issues.
  • Dan Kelley - dak@thesecure.be - Reported Information Disclosure.
  • Daniel Bakker - https://twitter.com/jackds1986 - Reported Information Disclosure.
  • Daniel Blindu - https://twitter.com/eblindudaniel - Reported Server-side request forgery (SSRF).
  • Daniel H - Reported Security misconfiguration.
  • Daoud Youssef - https://www.facebook.com/daoud.youssef.7 - Possible DDoS attack.
  • Darija Ivanovic - Web Develeper (Brcko Distrikt): Reported SQL Injection.
  • Darius Petrescu - twitter.com/@akkiliON_: Reflected XSS.
  • David Eckhardt: Reported "Full Path Disclosure“ and XSS vulnerabilities.
  • David Hoyt Hoyt LLC - http://xss.cx: Reflected XSS.
  • David Lassig - https://twitter.com/d_lassig / https://www.linkedin.com/in/davidlassig - Reported Information Disclosure.
  • Debarghya Sahoo - linkedin.com/in/debarghyasahoo - Reported Cross-site scripting (XSS).
  • Deekonda Vinod - twitter.com/vinod_deekonda - Reported Information Disclosure.
  • Deepak Kumar ( CipherEra) - vedixera.com - Reported Information Disclosure / Reported User Enumeration.
  • Deepanker Chawla - www.deepanker.in - @deepankerchawla: Reported XSS vulnerabilties.
  • Denis Bazur - argv500@gmail.com: Reported XSS vulnerabilities.
  • Deniz Işık / bursali - Administrator - www.bursali.eu: Reported CSS and LFI vulnerabilities in Deutsche Telekom Message Boards.
  • Denis Werner – www.nobbd.de, @nobbd - Reported SQL injection vulnerabilities.
  • Dennis Mwanzia - https://www.linkedin.com/in/dennis-mwanzia-b5b243283/ - Reported Information Disclosure / Reported Broken Access Control.
  • Devesh bhatt #deveshbhatt11: Reported Enumeration in login page.
  • Devjeet Singh: Sqli & Path Disclosure.
  • Dharmik Fichadiya - https://twitter.com/shelby67051949/ - Reported Broken Access Control.
  • Dhinu Ramachandran www.linkedin.com/in/dhinu-ramachandran-76683b206 - Reported HTTP header.
  • Diego Bernal Adelantado - https://www.linkedin.com/in/diego-bernal-adelantado/ - Reported Subdomain takeover.
  • Dmitry Ivanof - Reported XSS (Reflected) vulnerabilities.
  • Divakar - https://www.facebook.com/kd.divakar: Reported XSS vulnerabilities.
  • Djaballah Mohamed Taher - https://www.facebook.com/djaballah.mohamedtaher - Reported XSS vulnerabilities.
  • Djaber Djoukhrab - http://www.facebook.com/djroot.dz - Reported XSS vulnerabilities.
  • D. Jaya Shankar - https://twitter.com/MrJayashankar - Reported Information Disclosure.
  • Dr. Sebastian Schrittwieser - www.fhstp.ac.at & Peter Kieseberg - www.sba-research.org: Static code analysis of mobile applications
  • Duc Nguyen Huu - @peterjson - https://twitter.com/peterjson - Reported Remote Code Execution (RCE).

E

  • Ebrahim Hegazy - twitter.com/Zigoo0: Reported XSS  and SQL Injection vulnerabilities.
  • Edis Konstantini - twitter.com/ediskonstantini: Reported XSS vulnerabilities (flash based).
  • Eeshwar Dronavalli https://www.linkedin.com/in/eeshwar-dronavalli-5a16ba16a - Reported Missing Rate Limit.
  • Ehraz Ahmed - www.twitter.com/securityexe: Reported XSS vulnerabilities.
  • El Sayed Mohamed - www.linkedin.com/in/shai7a0x - Reported Cross-site scripting (XSS).
  • Emad Shanab - Twitter: https://twitter.com/Alra3ees - Reported XSS and information disclosure vulnerabilities.
  • Emad Youssef - twitter.com/Sy3Omda - Reported XSS, SSRF, Cross Site Tracing, Server Misconfiguration, Privilege escalation for server/application, multiple Open Redirect vulnerabilities and multiple reports of Cross-site scripting (XSS) / reported Information Disclosure vulnerabilities.
  • Enzo Freitas - https://www.linkedin.com/in/enzo-freitas-095607182/ - Reported Server-side request forgery (SSRF)/ Reported add Cross-site scripting (XSS) vulnerabilities.
  • Erchiqui Azzeddine - @zertox1: Information Disclosure.
  • Ereshwari Valmik - https://www.linkedin.com/in/ereshwari-valmik-28b376137 - Reported Information Disclosure / Reported Information Disclosure.
  • Eric Flokstra - www.linkedin.com/pub/dir/Eric/Flokstra: Reported xss vulnerabilities.
  • Erik van Oosbree - www.erikvanoosbree.nl: Reported XSS vulnerabilities.
  • eslamXxX https://www.linkedin.com/in/eslam-sayed-842770160 - Reported Open Redirect.
  • Eslam Kamal - https://www.linkedin.com/in/eslam-kamal/https://www.facebook.com/StrikerHacker33 - Reported / Reported Possible DoS Attack.
  • Eugen Füchsle - http://fyx.li: Reported XSS vulnerabilities.
  • Eusebiu Blindu - Reported XSS vulnerabilities.
  • Evan Ricafort - @robinhood0x00 (www.twitter.com/robinhood0x00): Reported XSS vulnerabilities.

F

  • Fabian Henneke - https://hen.ne.ke / @fhenneke- Reported DOM XSS vulnerabilities.
  • Fabian Mucke- https://twitter.com/HerrFabs - Reported Subdomain takeover, Information Disclosure.
  • Fabian Patrik - fpatrik / https://websafe.hu/ - Reported XSS vulnerabilities.
  • Fady Othman - twitter.com/fady_othman - Reported Cross-site scripting (XSS).
  • Faisal Ait Hamou - https://facebook.com/Faissal.AitHamou: Reflected XSS.
  • Faisal Shadab Yazdani - fb.com/fsyazdani RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • Faiz Ahmed - https://www.linkedin.com/in/faizzaidi/ - Reported outdated security mechanisms.
  • Faraz Ali - twitter.com/FarazAli94 - Reported Cross-site scripting (XSS).
  • Fares Djghmoune - https://twitter.com/ImoJOnDz - Reported Remote Code Execution (RCE).
  • Farhin Malek - https://www.linkedin.com/in/farhin-malek28 - Reported Clickjacking.
  • Fatih GUREL - linkedin.com/in/fatihgurel/ - Reported CORS, Information Disclosure.
  • Felipe Gabriel Renzi - https://www.linkedin.com/in/felipe-gabriel-renzi - Reported Information Disclosure and Cross-site scripting (XSS)  vulnerabilities..
  • Filippos Mastrogiannis - @filipposmastro - Reported XSS vulnerability.
  • Florian Kunushevci - https://www.facebook.com/florianx00 - Reported multiple XSS vulnerabilities.
  • Florian Thie - https://florian-thie.de - Reported a CSRF vulnerability.
  • Florin Carja - @Quistertow – http://rstforums.com: Reported information disclosure.
  • Florindarck - http://twitter.com/QuisterTow: Reported path disclosure vulnerabilities.
  • Foysal Ahmed Fahim - hackerone.com/foysal1197 twitter.com/foysal1197 - Reported Information Disclosure, Subdomain takeover, Broken Access Control and HTTP header vulnerabilities / Reported Cross-site scripting (XSS) / reported HTML/CSS injection vulnerabilities / Reported Server-side request forgery (SSRF), Reported Path traversal.
  • Francisco Correa - panchocosil.blogspot.com - @panchocosil: Reported sql vulnerabilities.
  • Francisco Palma - https://twitter.com/1c3t0rm - Reported Default login.
  • Frank B. Vickers - https://www.linkedin.com/in/frank-vickers-199109a - Reported webservice misconfiguration
  • Frans Rosén - Detectify (https://detectify.com): Reported XSS vulnerabiltiy.
  • Frederik Werner - instagram: werner.frederik - Reported Broken Authentication.
  • Fredrik Nordberg Almroth: Tilde vulnerability.

GGineesh George - gineesh-george: Reported XSS vulnerabilities.

  • G Bharath kalyan - Whttps://www.linkedin.com/in/bharath-kalyan-476a651ba - Reported Cross-site scripting (XSS) / Reported Information Disclosure vulnerabilities / Reported Security misconfiguration / Reported Missing rate limit.
  • Gaurang maheta https://www.linkedin.com/in/gaurang-mehta-35515a162- Reported Information Disclosure.
  • GAURAV R NAIK - https://www.linkedin.com/in/gaurav-r-naik - Reported Cross-site scripting (XSS).
  • glatisant - https://twitter.com/glatisantbeast - Reported Open Redirect.
  • George Adel Sami Salib  https://www.linkedin.com/in/george-adel-5ab77a1b9 - Reported Information Disclosure.
  • Gia Bui Dai - @yabeow from VNG Corporation - Reported Information Disclosure.
  • Gozie - Twitter: twitter.com/g0ziem - Reported Cross-site scripting (XSS).
  • Guifre Ruiz – https://guif.re – Reported Information Disclosure
  • Guillermo Gregorio https://twitter.com/bsysop - Reported Server-side request forgery (SSRF).
  • Gurjant Singh Sadhra - http://hackerdesk.com @GurjantSadhra: Multiple vulnerabilities and SQL Injection, reported XSS vulnerabilities.

H

  • Halil Ahmad https://twitter.com/Halilahmadd  - Reported XSS (Reflected) vulnerabilities.
  • Halil Arı - https://www.linkedin.com/in/halilari/ - Reported Information Disclosure.
  • Hammad Shamsi - https://sh3ifu.com: Reported XSS vulnerabilities.
  • Hanno Böck - https://hboeck.de/ - https://twitter.com/hanno - Reported Information Disclosure, Reported RCE; Report Outdated Software vulnerabilitie.
  • Hans-Martin Münch, Mogwai Security - SQL Injection and RCE Vulnerabililty.
  • H@ck3r h!t3sh - www.sriyaan.com: Reported XSS vulnerabilities.
  • Hardik Gupta - https://www.linkedin.com/in/hardik-gupta-136644225/ - Reported Open Redirect.
  • Hardik Tailor - @iamhardiktailor: Reported XSS vulnerabilities.
  • Harendra yadav - linkedin.com/in/harendra-kumar-b4b510214 - Reported Missing rate limit.
  • Harikrishnan Dhandapani - https://www.linkedin.com/in/harikrishnan-d - Reported Broken Access Control.
  • Hari Krishnan - Facebook.com/c.hari1997: Reported clickjacking vulnerabilities.
  • Harinder Singh (S1N6H) - https://www.linkedin.com/in/lambardar - Reported Information Disclosure and Clickjacking.
  • Haris Ahmed - https://www.linkedin.com/in/haris-ahmed-ethical-hacker/ / Haris Ahmed (@HarisAhmed95) / Twitter- Reported Clickjacking.
  • Haris Mamoun - Reported Remote Code Execution.
  • Hasibul Hasan Rifat - twitter.com/rifatsec - Reported Information Disclosure.
  • Harry Schreiner - http://schreinerit.de/?sites=penetrationtest: Reported XSS vulnerabilities.
  • Harsh Bhanushali - http://linkedin.com/in/harshbhanushali - Reported User Enumeration.
  • Harsh Parekh https://www.linkedin.com/in/harshparekh11- Reported Remote Code Execution (RCE); Reported Information Disclosure.
  • Harsha Vardhan Boppana - @hvboppana: Reported cross site scripting.
  • Harshil Parikh https://www.linkedin.com/in/harshil-parikh-945bb8201 - Reported Clickjacking.
  • Harshit Shukla - http://facebook.com/lords001: Reported HTML Injection Vulnerability.
  • Hasan Basri Elisert - https://www.linkedin.com/in/hasanelisert - Reported Unsecured communication.
  • Hassan Badran - badranh.github.io - Reported Cross-site request forgery (CSRF).
  • hatim chabik https://twitter.com/H_chabik - Reported Cross-site scripting (XSS).
  • Hazem Mohamed - twitter.com/hazem0x - Reported XSS (Reflected) vulnerabilities.
  • heiye007 - WEB/LINKEDIN/TWITTER/FB - Reported Information Disclosure.
  • Hemant Kashyap - https://www.linkedin.com/in/hemant-kashyap-714564199 - Reported Server-side request forgery (SSRF).
  • Himanshu - Reported Security misconfiguration.
  • Himanshu Sondhi  - Reported Cross-site scripting (XSS) and Broken Access Control.
  • Hip - insight-labs.org: Reported Content Spoofing and CSRF vulnerabilities.
  • Hoang Quoc Thinh - @g4mm4 of CyberJutsu.IO - Reported RCE / Reported add Server-side request forgery (SSRF) vulnerabilities.
  • Honc (章哲瑜)- honcbb@gmail.com - Reported Open Redirect.
  • Horatau Marius - http://www.hackyard.net: Reported cross site scripting.
  • Hsu Myat Noe - https://www.linkedin.com/in/hsumyatno3: Reported Path disclosure.
  • Huy Kha - www.linkedin.com/in/huykha - Reported deprecated ciphers.
  • Hzllaga (宋昕岳) - hzllaga@gmail.com - Reported Other.

I

  • lalka - https://twitter.com/0x01alka - Reported XSS  vulnerability.
  • Ibrahim M.El-Sayed - the_storm: Reported SQL Injection vulnerabilities.
  • Ibrahim Raafat - @RaafatSEC - www.starware.net: Reported XSS vulnerabilities and Critical Information Disclosure.
  • Ibrahim Saud M - linkedin.com/in/ibrahim-saud-38a338139 - twitter.com/ibrahimsaudm?s=08 - Reported Default login.
  • Iem Prog - www.facebook.com/IEMPROG: Reported XSS vulnerabilities.
  • Ifrah Iman - www.ifrahiman.com / twitter.com/IfrahIman_ - Reported XSS vulnerabilities.
  • Ilca Lucian: Reported XSS vulnerabilities.
  • İlyas ORAK - tr.linkedin.com/in/ilyasorak - INNOVERABT - (2x) Reported XSS (Reflected) vulnerabilities.
  • Imen Essoussi: Reported SQL injection vulnerabilities.
  • Indresh Verma - https://twitter.com/Jester0x01 - Reported Information Disclosure.
  • Intrigue team - www.intrigue.io - Reported Information Disclosure.
  • Ishan Anand - @Zer0-Access: Reported XSS vulnerabilities.
  • ISHAN VYAS https://twitter.com/_snak3_/ - Reported Broken Access Control.
  • iskhaled nassar twitter.com/knassar702 - Reported User Enumeration, Cross-Site Scripting (XSS), Information Disclosure.
  • Ismael Hasan - https://www.facebook.com/ismaieil - Reported XSS vulnerabilities.
  • İsmail BÜLBÜL - Uluslararası Siber Güvenlik Federasyonu - Reported an XSS vulnerability.
  • Ismail Hossain - Twitter: https://twitter.com/cmsajib, Web: https://eesec.org - Reported an text injection vulnerability.
  • İsmail Taşdelen - https://linkedin.com/in/ismailtasdelen - Reported missing security mechanisms, clickjacking, information disclosure and other vulnerabilities, Reported Cross-site scripting (XSS), Reported HTTP header vulnerabilities, Reported Security misconfiguration / Reported Server-side request forgery (SSRF) vulnerabilities / 
  • Issam Rabhi - https://sites.google.com/site/issrabhi/: Reported XSS vulnerability.

J

  • JAAT Gaurav (@webcipher101) - https://www.linkedin.com/in/gaurav-dalal-0434821b5/ - Reported Information Disclosure.
  • Jacob Soo Lead Re, @Gunther_AR: Reported xss vulnerabilities.
  • Jagadeesh -  https://www.linkedin.com/in/jagadeesh-jd-79308b93/  - Reported clickjacking vulnerabilities.
  • Jai Kumar B linkedin.com/in/jai-kumar-835a54183 - Reported Information Disclosure.
  • Jake Reynolds | www.depthsecurity.com | https://twitter.com/depthsecurity - Reported XXE vulnerabilities.
  • Jakub Zoczek - http://zoczus.blogspot.com: Stored XSS.
  • Jamal Eddine El Hadjeui - @jamalc0m: Reported vulnerabilities.
  • Jamal Eddine El Hadjeui – www.paytabs.co: Reported Open URL Redirection vulnerability
  • Jamshid Baghban https://bugforlife.com/ - Reported HTTP header.
  • Janhavi Rajendra Sonatkar - www.linkedin.com/in/janhavi-sonatkar-42a76418b - Reported HTML/CSS injection.
  • Jan Markus Schütz- Reported Broken Authentication.
  • Jannick Oursin - facebook.com/jannick.oursin - Reported Information Disclosure.
  • Jan-Peter Rauschning - https://Rauschning.me - Critical Personal Data Information Disclosure.
  • Javid Hussain - @javidhussain21: Reported XSS vulnerabilities.
  • Jayshree Bhattacharya - linkedin.com/in/jayshree-bhattacharya-4a399a135 - Reported Broken Authentication.
  • Jens Müller - hacking-printers.net – CORS misconfiguration.
  • Jesus Maria Bermudez Serrano - twitter:@JesusBermudez32 - Reported Path traversal.
  • J. Francisco Bolivar - x.com/JFran_cbit - Reported Information Disclosure.
  • Jigar Thakkar (Akhani) - www.infobittechnologies.com - @jigarthakkar39: Reported Clickjacking and Information Disclosure vulnerabilities.
  • Jignesh Mistry: Reflected XSS.
  • Jitendra Jaiswal - @Facebook/desihack @twitter/jeetjaiswal22: Reported xss vulnerabilities.
  • Johannes Bluhm - Reported Information Disclosure.
  • John Kronenberg - https://www.linkedin.com/in/johnkronenberg/- Reported Information Disclosure.
  • Jon Bitquark – https://bitquark.co.uk: Reported open redirect vulnerability.
  • Jon Bitquark - open redirect: XSS and SQLi vulnerabilities.
  • Jordan Glover - LinkedIn https://www.linkedin.com/in/jordan-g-ab835550 - Reported Security misconfiguration.
  • Jose Carlos Exposito Bueno - https://www.linkedin.com/in/josecarlosexposito - Reported Cross Site Scripting vulnerabilities.
  • José Rabal Sastre: Reflected XSS.
  • Joseph Thacker - rez0.blog - twitter.com/rez0__ - Reported Information Disclosure.
  • jub0bs - https://twitter.com/jub0bs - Reported Subdomain Takeover.
  • Julien Ahrens - @MrTuxracer (www.rcesecurity.com): Reported cross-site scripting.
  • Junaid Farhan - www.facebook.com/junaid.farhan.54 - Reported a clickjacking vulnerability.

K

  • K Mohammed Danish faraz - linkedin.com/in/danish-faraz-70555bb9 - twitter.com/DanishKakingare?s=09 - Reported Default login.
  • KHAN mamun - https://twitter.com/mamunwhh - Reported Information Disclosure.
  • Kamil Jarosiński - https://twitter.com/ja_sec - Reported Cross-site scripting (XSS).
  • Kamil Sevi - @kamilsevi: Reported XSS vulnerability.
  • Kamil Sienicki - https://blog.sienicki.eu- Reported Cross-site scripting (XSS).
  • Kapil S. Kulkarni - Facebook: kapil.kulkarni.587 , Twitter: @kapilkulkarni91 , LinkedIn: https://www.linkedin.com/in/kapil-kulkarni-oscp-ceh-chfi-5a333763/ - Reported content spoofing vulnerability.
  • Karim Mohamed Ahmed - https://www.facebook.com/X.TiGeR.K: Reported XSS vulnerabilities.
  • Kashif Shoukat https://www.linkedin.com/in/kashif-shoukat-1o1/ - Reported Other.
  • kasme_memon_aya_tha - Reported Remote Code Execution (RCE).
  • Kasper Karlsson - Reported Cross-site scripting (XSS).
  • Kaushik Sardar - https://www.facebook.com/kaushiksardar.22 -  Reported Host Header Vulnerabilities.
  • Kazam Chaudhary aka p3n73st3r - www.twitter.com/p3n73st3r - Reported XSS vulnerabilities.
  • Kenneth Billones - https://twitter.com/k3nziy - Reported open redirect vulnerabilities.
  • Kevin Yehezkiel Gurning - https://www.linkedin.com/in/vinzel/ - Reported Open Redirect, Cross-site scripting (XSS).
  • Keyur Mehta - linkedin.com/in/keyur-mehta4455 - Reported Clickjacking.
  • khaled nassar - https://twitter.com/knassar702 - Reported Server-side request forgery (SSRF).
  • Khaled Essam Nassar - https://www.facebook.com/profile.php?id=100015121337012 - Reported XML-RPC vulnerability.
  • Khaled Mohamed [xElkomy] - xelkomy.github.io - twitter.com/0xelkomy - Reported several Cross-site scripting (XSS).
  • Khan Janny - https://www.facebook.com/bossjannykhan-  Reported Multiple Vulnerabilities.
  • Khôi Dương - Viettel Cyber Security - Reported IDOR vulnerability.
  • killua_21 - https://www.facebook.com/profile.php?id=100020497173263 - Reported Missing rate limit.
  • Kiran Chettri - twitter.com/kiranchettri_?s=09 - Reported User Enumeration, several Security misconfiguration and Possible DoS Attack; Reported HTML/CSS injection; Broken Access Control.
  • Kishan Kumar - https://twitter.com/hst_kishan?s=09 - Reported Clickjacking vulnerability.
  • Klaus @klaus_dev - Reported Information Disclosure.
  • KoF2002 & Sr33h4r!: Reported URL Redirection vulnerabilities.
  • Kolozsi András  https://twitter.com/bugh101 - Reported XSS vulnerabilities, SQLi, Information Disclosure, CSFR
  • Koulick Ghosh- https://www.linkedin.com/in/koulick-ghosh-732458205/ - Reported Cross-site request forgery (CSRF).
  • Koutrouss Naddara: Reported XSS vulnerability.
  • kr1shna4garwal - https://www.linkedin.com/in/kr1shna4garwal - Reported User Enumeration.
  • Krishna Chaitanya N - linkedin.com/in/n-krishna-chaitanya-27926aba - Reported Information Disclosure.
  • Kunal Bahl - Twitter: https://twitter.com/KunalBahl3, Facebook: https://www.facebook.com/kunal.bahl59 - Reported an Information Disclosure vulnerability.

L

  • Lalith Rallahabandi - @Lalithr95: Reported XSS vulnerability.
  • Lars Heckner - mail@larsheckner.de: Log4j
  • Lars Morgenroth - @krankoPwnz: Reported Open Redirect and SQL Injection vulnerabilities.
  • Laurent De Vos: Reported XST vulnerabilities.#
  • Leo Starcevic - Reported Subdomain takeover vulnerabilities, reported Information Disclosure, Cross-site scripting (XSS), Unsecure communication.
  • Leo Switness – reportet SQL vulnerabilities.
  • Leonid Hartmann - https://twitter.com/_harleo - Reported Authentication Bypass and RCE vulnerabilities.
  • Leonid Krolle - twitter.com/KrolleLeonid - Reported information disclosure
  • Lion Nagenrauft, Msg Systems AG - https://www.linkedin.com/pub/lion-nagenrauft/ - Reported Information Disclosure vulnerability.
  • Lifeawa lifeawa@163.com- Reported Cross-site scripting (XSS).
  • Lokesh Bhade - https://www.linkedin.com/in/Lokeshbhade/ - Reported Clickjacking.
  • Lorepoint - linkedin.com/company/lorepoint - Reported Information Disclosure.
  • Lorenzo Toti (sp1nn4k3r) - https://www.linkedin.com/in/lorenzo-toti-b0a939163 - Reported Server-side request forgery (SSRF) / reported Information Disclosures vulnerabilities.
  • love yadav - linkedin.com/in/love-yadav-5159611a3 - Reported Possible DoS Attack and Missing rate limit vulnerability / reported User Enumeration vulnerabilities / reported Information Disclosures vulnerabilities / reported Other vulnerabilities.
  • Lucas Carvalho - www.linkedin.com/in/lucascarvalho-/ - Reported Open Redirect.

M

  • Maciej Wojtasik - https://www.linkedin.com/in/maciej-wojtasik-b7386b208/,  https://billtech.pl/ - Reported Broken Access Control.
  • Magrabur Alam Sofily, @masofily, www.linkedin.com/in/magrabur-sofily - Reported Remote Code Execution (RCE).
  • Mahesh - LinkedIn: https://www.linkedin.com/in/f50c1e7y/ - Reported several Information Disclosure/ Reported Default login vulnerabilities.
  • Mahesh Raykar - www.linkedin.com/in/maheshraykar1997 - Reported XSS vulnerability.
  • MAHIN VM - linkedin.com/in/mahin-vm-57413315a - Reported Clickjacking.
  • Mahmoud El-Said El-Naggar (Starware) - www.starware.net: Reported Stored XSS vulnerabilities.
  • Mahmoud Hegazy - https://twitter.com/Hegzous - Reported XSS (Reflected) vulnerabilities.
  • Mahmoud NourEldin - https://www.facebook.com/3mmarQassem - Reported user enumeration, Missing rate limit software, Subdomain takeover, XSS (Reflected) vulnerabilities and Missing rate limit, Clickjacking vulnerabilities, Information Disclosure to the list of reported vulnerabilities.
  • Mahmud Hasan Sizan - https://twitter.com/mr_g_007 - Reported Server-side request forgery (SSRF).
  • Maksym Bendeberia - Linkedin: /in/jogspokoen, Website: websafetyninja.com - Reported Information Disclosure.
  • @mamunwhh: https://twitter.com/mamunwhh?s=07 - Reported Information Disclosure.
  • Mandeep – Reported SSL vulnerability.
  • Manikanta Simgamsetti - https://www.linkedin.com/in/manikanta-simgamsetti-19bb20140/ - Reported Cross-site scripting (XSS).
  • Manish Bhandarkar - @leosecure: Cookie disclouser vulnerability
  • Manish Bhattacharya - http://twitter.com/umenmactech: Reported Clickjacking Attack, Clickjacking with SQLI.
  • Manoj Kumar: Reported XSS vulnerabilities.
  • Marc Ströbel – phroxvs: Reported SQL Injection.
  • Marcel Bilal - wslab.de/#MarcelBilal - Reported a configuration vulnerability.
  • Markus Krell - https://www.friendly-intruder.de/ - Reported XSS vulnerability.
  • Martin https://hackerone.com/mit0z - Reported several Information Disclosure / Reported Cross-site scripting (XSS) vulnerabilities / Reported Information Disclosure
  • Martijn B - https://hacksclusive.com https://twitter.com/x1m_martijn - Reported Possible DoS Attack.
  • Martijn Baalman - hacksclusive.com - twitter.com/hacksclusive - Reported Cross-site scripting (XSS).
  • Martin - hackerone.com/mit0z - Reported Security misconfiguration.
  • Martin "maride" Dessauer - Reported Critical Information Disclosure.
  • Martin Thirup Christensen - https://twitter.com/MThirup: Reported sql and xss vulnerabilities.
  • Marvin Heyder - www.heyder-net.de - Reported Security Misconfiguration.
  • Marwan Idrees Hasan nheli - https://www.facebook.com/marwannheli - Reported Clickjacking vulnerabilities.
  • Mateusz Goik - aliantsoft.pl: Reported XSS vulnerabilities.
  • Mathias Karlsson - https://detectify.com: Repored XSS vulnerabilties.
  • Matthias Fetzer - https://de.linkedin.com/in/matthias-fetzer-2b930b9a: Reported SQL Injection
  • Matthias Marx - Reported Information Disclosure.
  • Matthias Ungethuem - Prof. Pentesting, unnex.de: Reported CSRF vulnerability in the context of email address handling.
  • Martin - https://twitter.com/martinbydefault - Reported Subdomain Takeover vulnerabilities.
  • Maulik Shah: HTTP Header Injection.
  • Maulik Vaidh - Twitter: @Maulik1827 - Reported clickjacking vulnerability.
  • Maurice Woitzyk – mauricewoitzyk.de/ twitter.com/Maurice_Woitzyk – stored XSS
  • Maverick Vi - Reported XSS vulnerabilities.
  • Maxime Ropelewski - Reflected XSS via Client Side Template Injection. 
  • Max Prietzel: Reported XSS and information disclosure vulnerabilities.
  • Maxim Rupp: Reported XSS vulnerabilities.
  • Mayank Bhatodra - http://www.linkedin.com/pub/mayank-bhatodra/7b/82/887: Reported XSS and ‘bypass of HTTPS on exceptional flow‘ vulnerability.
  • Mayank Kapoor - @wHys0SerI0s: Reported Clickjacking Attack, multiple vulnerabilities and SQL Injection.
  • Mayuri Suhas Gaikwad: Reported Access Policy Misconfiguration.
  • Mazen Gamal Mesbah @MazenGamal - www.facebook.com/love.rasolallh: Reported persistent XSS.
  • MD Abdul Salam: Reported XSS vulnerability.
  • Md. Nur A Alam Dipu - fb.com/nuraalam.dipu2 - Reported XSS vulnerabilities.
  • Md Sameull Soykot - @S0yk0t / fb.com/remixx.soykot - Reported XSS vulnerabilities.
  • Mehdi Elyassa - www.twitter.com/kalimer0x00 - Reported RCE and Privilege Escalation, reported Remote Code Execution
  • Mehedi Hasan Remon - twitter.com/remonsec - Reported Information Disclosure.
  • Mehmet Can GÜNEŞ twitter.com/mehmetcangunes - Reported Open Redirect.
  • Mehtab Zafar https://twitter.com/0xmzfr - Reported Cross-site scripting (XSS) und Editace a čtení dat jiných uživatelů.
  • Mehul Bharat Lunagariya - TWITTER: https://twitter.com/Mrrain_1996 and LinkedIn: https://www.linkedin.com/in/mehul-lunagariya-bb5b29194/ - Reported clickjacking vulnerabilities.
  • Melardev (@melardev) - Reported Privilege escalation for server/application.
  • Memon_Aya_Tha - Reported Information Disclosure.
  • memon_chodpray - Reported Data manipulation.
  • Merlin Mayr - Reported XSS-Flaw.
  • Mert Daş linkedin.com/in/mertdas - Reported Privilege escalation for server/application.
  • Maximilian Kretschmer - https://maximiliankretschmer.de Reported SSRF (Server-Side Request Forgery) and XSS vulnerabilities.
  • Michal Brygidyn - https://www.linkedin.com/in/michalbrygidyn/ - Reported Information Disclosure.
  • Michael Schwarz - @bidde: Reported XSS vulnerabilities.
  • Miguel Corral - https://twitter.com/mcorral74 - Reported Information Disclosure.
  • MIHIR MISTRY - mdmmistry@ymail.com: Reported XSS vulnerabilities.
  • Milad Safdari - @thesafdari0x - Reported Cross-site scripting (XSS).
  • Milan jain - linkedin.com/in/milan-jain-50a738213 - Reported Missing rate limit / Reported HTML/CSS injection vulnerabilities.
  • Milan Kyselica - Twitter: https://twitter.com/milan_kyselica  - Reported XSS and open redirect vulnerabilities.
  • Milivoj R. - linkedin.com/in/milivoj-r-8b925bb5 - Reported Cross-site request forgery (CSRF).
  • Missoum SAID - https://twitter.com/missoum1307: Reported XSS vulnerabilities.
  • Missoum SAID - @gmail.com - Reported outdated Telekom DNS-entry pointing to an external, vulnerable site.
  • Missoum SAID - http:// missoum1307.blogspot.com – Reported vulnerable Drupal implementation
  • Mitulkumar Soni - HACKSTOCk: Reported XSS vulnerability.
  • moein abas AKA mosec - www.linkedin.com/in/mosec-k - Reported Server-side request forgery (SSRF).
  • MOGWAI LABS GmbH - Reportes SQLi vulnerabilities.
  • Mohamed Abdelfatah - https://www.facebook.com/X.Vector1 / https://github.com/X-Vector - Reported multiple (reflected) XSS vulnerabilities.
  • Mohamed Aborehab - https://twitter.com/MOOHAM33D - Reported Missing rate limit vulnerabilities.
  • Mohamed Ayman - twitter: https://twitter.com/0xA1MN - Reported Information Disclosure.
  • Mohamed Dief https://twitter.com/DemoniaSlash - Reported Information Disclosure/ Reported CRLF injection vulnerabilities.
  • Mohamed Elbadry - https://twitter.com/_melbadry9 / https://linkedin.com/in/melbadry9 - Reported CRLF Injection / Cross-site scripting (XSS) and Open Redirect vulnerabilities.
  • Mohammed Abdelbaset Elnoby - @SymbianSyMoh (W3Pwn.com): Information disclosure, Multiple XSS vulnerabilities.
  • Mohamed Elkhayat - Mohamed Elkhayat (@Mohamed87Khayat) / Twitter - Reported Cross-site scripting (XSS).
  • Mohamed Abdelhady - Linkedin https://www.linkedin.com/in/mohamed-abdelhady-0b890420b/
    - Twitter https://twitter.com/Mohamed_A_R_1 - Reported Information Disclosure.
  • Mohammed Ahmed Nassar - FB.COM/Mohammed.Ahmed.Nassar: Reported XSS vulnerabilities.
  • Mohammed Amer - twitter.com/0nlymohammed - Reported Information Disclosure.
  • Mohamed amine kerrich - LinkedIn: linkedin.com/in/mohamed-amine-kerrich - Reported Broken Access Control.
  • Mohamed Elsayed Maati - @MSM_1sT: Reported XSS vulnerability.
  • Mohamed Ibrahim - twitter.com/mOhamedd7w - Reported Information Disclosure.
  • Mohamed Ragab - www.facebook.com/mohammed.ragab.562 - Reported XSS (Reflected) vulnerabilities.
  • Mohammed F. Al-Barbari - https://twitter.com/m4dm0e - Reported Cross-site scripting (XSS), Cross-site request forgery (CSRF).
  • Mohammed Fayez Albanna - www.facebook.com/bana2313: Reported XSS vulnerabilities.
  • Mohammed Israil - https://twitter.com/mdisrail2468: Reported Access Policy Misconfiguration.
  • Mohammed Kamal Darwish (Algorithmic) - https://mkalgorithmic.blogspot.com/ - facebook.com/Mohammed.Kamal.Darwish - Reported unsecured communication and Information Disclosure.
  • Mohammed Magdi Shafig https://twitter.com/mohammedmagdi77 https://www.facebook.com/mohammedmagdishafig smartech.sd - Reported Information Disclosure.
  • Mohammed Mido - https://www.facebook.com/Mr.notron - Missing rate limit.
  • Mohammed Sami facebook.com/Jizen0x01 - Reported vulnerabilities.
  • Mohammed Shine - https://twitter.com/mohammedshine8 - Reported Host Header Injection.
  • Mohammed Yasin https://twitter.com/DeogoYasin - Reported Broken Access Control.
  • Mohamed Sakr - facebook.com/X3rrOR - Reported XSS (Reflected) vulnerabilities.
  • Mohamed R. Serwah - @serwazzito0 - Reported Stored XSS and Reflected XSS vulnerabilities / Reported Cross-site scripting (XSS).
  • @mohammadhdg1 web: https://infogazine.com - Reported SSL Poodle vulnerabilities.
  • Mohd Asif Khan - linkedin.com/in/mohd-asif-khan-✪-5228a9179 - Reported Security misconfiguration.
  • Mohit Kumar - linkedin.com/in/mohit-kumar-4ab6b3bb - Reported Information Disclosure.
  • Mohit Sahu - @mohitnitrr: Reported Content Spoofing.
  • Mohsin Khan https://twitter.com/mokhansec - Reported Information Disclosure.
  • Monendra Sahu - indishell: Reported Content Spoofing.
  • Mostafa Aboelnour - https://www.linkedin.com/in/maboelnour12/ - Reported Information Disclosure.
  • Mr!dul Vohra - https://www.linkedin.com/in/mridulvohra - Reported Possible DoS Attack.
  • Mr.AnonDeek (Abedalrahman aldeek) - facebook.com/Mr.AnonDeek - Reported XSS (Reflected) vulnerabilities and CSRF vulnerabilities.
  • Mr.AnonDeek (Abedalrahman aldeek) - http://www.facebook.com/Mr.AnonDeek - Reported Missing rate limit vulnerabilities.
  • msion - msion@foxmail.com - Reported Cross-site scripting (XSS).
  • Muhammad Afaq Abid- https://www.linkedin.com/in/afaq/ - Reported Information Disclosure.
  • Muhammad Billadilathof - facebook.com/ToflaXploit - Reported Cross-site scripting (XSS).
  • Muhammad Haris Aftab - linkedin.com/in/muhammad-haris-aftab-6693201a4 - Reported Security misconfiguration.
  • Muhammad Julfikar Hyder https://thejulfikar.xyz - Reported Information Disclosure.
  • Muhammed Sadettin KARATAŞ - Reported Information Disclosure and Cross Site Scripting.
  • Muhammed Shahmeer (Maads Security) - https://www.facebook.com/Shahmeer.1994: Reported XSS vulnerabilities.
  • Muskan Shaikh - https://www.linkedin.com/in/muskan-shaikh-a77b801b2 - Reported Security misconfiguration.
  • Mustafa Can IPEKCI - nukedx.com - Reported Subdomain Takeover vulnerability.
  • Mustafa Diaa - @c0braBaghdad1 - Reported XML-RPC, Information disclosure, SSTI, SSL/TLS Authentication Gap, Local File Disclosure and Source Code Disclosure vulnerabilities and also usage of outdated and vulnerable software, Insecure Certificates, Configuration Files Disclosure, Cross-Site Tracing (XST) and Full Path Disclosure/ Reported Information Disclosure vulnerabilities.
  • Muzaffer Satiroglu:  https://www.linkedin.com/in/muzaffer-satiroglu-8558541a5 - Reported Broken Authentication.

N

  • Naman shah - https://www.twitter.com/naman_1910 - Reported Broken Access Control / Reported HTTP header vulnerabilities.
  • Name – snop. – rabbitz.org: Reported XSS vulnerabilities.
  • Naresh Chowdary, twitter.com/knc331 - Reported Privilege escalation for server/application.
  • Nasreldeen Yousif Osman - LinkedIn: https://www.linkedin.com/in/nasryousif/ - Twitter: https://twitter.com/nasreldeenusif - Reported Cross-site scripting (XSS).
  • nav1n - https://twitter.com/nav1n0x, https://www.nav1n.com - Reported Cross-site scripting (XSS).
  • Navreet - https://www.linkedin.com/in/navreet-singh-rnns142500/ - Reported Cross-site request forgery (CSRF).
  • Nayab keshodwala - : https://www.linkedin.com/in/nayab-keshodwala-994b1198 – Reported an XSS vulnerability
  • N B Sri Harsha - nbsriharsha.blogspot.in: Content Spoofing Bug.
  • Nehal Pillai - https://www.linkedin.com/in/nehal-pillai-02a854172 - Reported Security misconfiguration and Broken Authentication vulnerability.
  • Nick Kelley - Reported Full Path Disclosure vulnerability.
  • Nicolas Armua - instagram.com/thedragoncompany / https://facebook.com/DTSRECORD - Reported Cross-site scripting (XSS).
  • Nicolas Thumann - n-thumann.de / @n_thumann - Bypassing two Captchas / Enumeration Attack / Reported Access Policy Misconfiguration / Reported Open Redirect / Reported XSS (Reflected) vulnerabilities / Reported multiple instances of Sensitive Information Disclosure /reported information, open redirect vulnerability/ disclosure vulnerability and other vulnerabilities /reported Insufficient Access Control, Information Disclosure, XSS, Account Existence Check / Host Header Injection and DoS Attack / DOM-XSS via File Input / Cross-site scripting (XSS) / Domain Ownership Validation Bypass /Reported Open Redirect vulnerabilities.
  • Nikhil Kumar - https://in.linkedin.com/in/nikhil-kumar-4b9443166: Open Redirect / Reported Information Disclosure.
  • Nikhil Rane - linkedin.com/in/nikhil-rane-31733a217 - Reported Information Disclosure.
  • Nikola Kojic - http://ras-it.rs/ -  Reported Open Redirect and XSS vulnerabilities.
  • Nikunj Chandak - LinkedIn URL : https://www.linkedin.com/in/nikunj-chandak-486367203/ - Reported Missing rate limit.
  • NILESH AGRAWAL KOYO - https://twitter.com/koyohere - Reported Other.
  • Nipun Somani (twitter: https://twitter.com/nipunsomani) - Reported possible Privilege Escalation.
  • Niraj Modi - Reported Other.
  • Nitin Santosh Gavhane - twitter.com/Nitin34627556?s=09 - linkedin.com/in/nitin-gavhane-949b69179 - Missing rate limit.
  • NoBountyForThis - Twitter: https://twitter.com/akincibor1 - Reported Server-side request forgery (SSRF).
  • Noth (沈彧璿) - zxc7528064@gmail.com - Reported Cross-site scripting (XSS).
  • Nurullah Demir – ndemir.com - Reported XSS vulnerabilities.

O

  • Olawale Hassan - https://linkedin.com/in/olawaleh, @wallehazz - Reported RCE.  
  • Oliver Müller - https://instagram.com/dj.owly - Reported Broken Authentication.
  • Olivier beg - www.olivierbeg.nl: Reported XSS vulnerabilities. 
  •  Omar Badraan - omarmohamedsc.github.io - Reported CSRF vulnerabilities.
  • Omar ElSayed - fb.me/bxrr23 - Reported Missing rate limit, Security misconfiguration, Other, User Enumeration, Server-side request forgery (SSRF), Cross-site request forgery (CSRF), Cross-site scripting (XSS), Reported Privilege escalation for server/application / Reported Security misconfiguration / Reported Information Disclosure and Open Redirect vulnerabilities / Reported Information Disclosure vulnerabilities / Reported HTML/CSS injection and Broken Access Control vulnerabilities / Reported Unrestricted file upload and Broken Authentication / Reported Clickjacking vulnerabilities / Reported Path traversal vulnerabilities, Reported Remote Code Execution (RCE).
  • ome_mishra - Reported Remote Code Execution (RCE).
  • Omur UGUR - omurugur.com - Reported DOM-based XSS vulnerability.
  • Ori Levi - https://www.linkedin.com/in/orilevicyber - Reported Directory Listing, HTTP header, Clickjacking, HTML/CSS injection, Path traversal.
  • Osama Ansari - www.twitter.com/ansariosama10: Reported DOM Based XSS vulnerability.
  • Osama Khan - facebook.com/KhanOsama775 - Reported Cross-site request forgery (CSRF).
  • Osanda Malith Jayathissa - @OsandaMalith: Reported vulnerable version of software.
  • Owais Mehtab - https://twitter.com/kc_8002: Reported Captcha Bypass vulnerabilities.

P

  • Pablo Santiago - https://www.linkedin.com/in/pablo-s-385647163/ - Reported Missing rate limit / Reported HTTP header.
  • pallab jyoti borah https://www.linkedin.com/in/pallab-jyoti-borah-20874a181 - Reported Cross-site request forgery (CSRF).
  • Paras Pilani - @cool_paras: Reported XSS vulnerability.
  • Parshwa Bhavsar - twitter.com/parshwa_bhavsar?s=08 - Reported HTTP header.
  • Parth Shukla https://www.linkedin.com/in/parthshu18 - Reported Information Disclosure.
  • Pascal Zenker - https://parzelsec.de - @parzel2 - Reported RCE and SSRF vulnerabilities.
  • Parveen Yadav: Reported XSS vulnerability.
  • Patrik Fehrenbach - IT-Securityguard.com @itsecurityguard: Reported XSS vulnerabilities.
  • Patrick Davidson Tremblay https://www.linkedin.com/in/patrick-davidson-tremblay/- Reported Default login.
  • Patrick Lang - linkedin.com/in/patrick-lang-707809147 - Reported Security misconfiguration / Reported Broken Authentication vulnerabilities.
  • Paul Seekamp - www.linkedin.com/in/paulseekamp: Reported XSS vulnerability.
  • Paweł Hałdrzyński: Reflected XSS.
  • Pedro Cardoso - twitter.com/tvmpt - Reported Cross-site scripting (XSS).
  • Peter Jaric - @peterjaric (javahacker.com): Reported XSS vulnerability.
  • peterjson of RedTeam@VNG Corporation - Reported Remote Code Execution (RCE).
  • Philippe Delteil @philippedelteil- Reported Possible DoS Attack and Server-side request forgery (SSRF) vulnerabilities.
  • phor3nsic - https://twitter.com/phor3nsic_br - Reported Server-side request forgery (SSRF).
  • Piotr Karolak,  https://github.com/UGF0aWVudF9aZXJv - Reported Cross-site scripting (XSS) / Reported Server-side request forgery (SSRF) / reported Broken Access Control vulnerabilities.
  • Piyush P - linkedin.com/in/piyush-p-1b8a2312b - Reported Cross-site scripting (XSS).
  • Pritam Dash - https://www.linkedin.com/in/pritam-dash-116931171/ - Reported Information Disclosure, Security Misconfiguration, User Enumeration.
  • Pobereznicenco Dan - danyweb09 - rstforums.com - Reflected XSS.
  • Pradeep Jairamani: Reported security vulnerabilities.
  • Prajit Sindhkar (SAPT) https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/ - Reported Information Disclosure.
  • Prakash Dhatti - https://www.linkedin.com/in/prakash-dhatti-53201167/  - Reported CORS vulnerabilities.
  • Pralhad Chaskar - @c0d3xpl0it: Reported Clickjacking Attack and XSS vulnerability.
  • Pramod.P Sargar - linkedin.com/in/impramodsargar - twitter.com/impramodsargar - Reported Clickjacking.
  • Prashant Rajput - fb.com/HACKDIVE RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Praveen N Air & Simone Memoli (Simon90_Italy): Reported XSS vulnerability.
  • Pranjal Singhal - https://www.facebook.com/pranj.4.u - Reported XSS vulnerabilities.
  • Prashant Khare - https://www.linkedin.com/in/prashantkhare001- Reported Content Injection vulnerabilities.
  • Pratama Aji Prisadi - linkedin.com/in/pratamaajip - Reported Server-side request forgery (SSRF).
  • Prathamesh Joshi - https://twitter.com/@pr4th4m_joshi - Reported XSS vulnerabilities.
  • Pratik K. Tejani - https://twitter.com/tejani_pratik https://www.facebook.com/pratik.tejani.5- Reported Server-side request forgery (SSRF).
  • Prem Kumar - @iAmPr3m
  • Pritam Mukherjee - linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9 - Reported Missing rate limit.
  • Priyank - fb.com/priyank3126 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Priyanshu Upadhyay - linkedin.com/in/priyanshu-upadhyay - Reported Unsecured communication.
  • proabiral - https://twitter.com/proabiral- Reported Remote Code Execution (RCE).
  • Pulkit Pandey - twitter.com/pulkitpandey92 - Reported Privilege escalation for server/application.
  • Paul Seekamp - @nullenc0de - Reported Cross-site scripting (XSS).

Q

R

  • Rafael Cavalcante Zanetti - https://www.linkedin.com/in/sysraafael/  - Reported Information Disclosure.
  • Rafael Fedler - https://www.linkedin.com/in/rafaelfedler- Reported open-redirect vulnerability.
  • Raghav sharma @Recon - Reported XSS vulnerabilities.
  • Rahul Parmar - linkedin.com/in/rahul-parmar31 - Reported Missing rate limit / Reported Clickjacking / Reported Cross-site scripting (XSS).
  • Rahul Raj-@rahulr0cks Reported xss vulnerabilities
  • Rahul Singh: Sqil & Path Disclosure.
  • Rahulvenati: Reported XSS vulnerability.
  • Raj Sukali - twitter.com/NoTty_rAj: Reflected XSS.
  • Raja Ahtisham - https://www.facebook.com/profile.php?id=100009347250717 - Reported Hyperlink Injection vulnerabilities.
  • Rajesh Mondal - facebook.com/r4j3sh
  • Rajesh Patil - Reported Cross-site scripting (XSS).
  • Rajesh Sagar- https://www.linkedin.com/in/rajesh-sagar-95619524b - Reported Missing rate limit.
  • Rajnish Kumar Gupta - linkedin.com/in/geekyrajnish - Reported Clickjacking.
  • Rakesh Singh & Harish kumar & Sandeep Sodhi - https://twitter.com/zerodayguys: Reported HTTP header injection vulnerability
  • Raman Gupta - http://in.linkedin.com/pub/raman-gupta/27/66/2a0: Reported Internal Stack trace disclosure vulnerabilities.
  • Ramesh kanna M -Twitter account : https://twitter.com/RameshKanna05 - Reported Information Disclosure / Reported Default login vulnerabilities.
  • Ramkumar G - twitter: https://twitter.com/_ramkumar_g - Reported HTML/CSS injection.
  • Ramon Dunker - https://ramondunker.nl / https://www.linkedin.com/in/ramondunker - Reported Cross-site scripting (XSS), Clickjacking and Server-side request forgery (SSRF), Remote Code Execution (RCE) and Information Disclosure vulnerabilities / Reported Other vulnerabilities.
  • Randi Julianto - https://www.linkedin.com/in/randi-julianto-182b04120 - Reported Clickjacking
  • Ranjithkumar Mayavan - https://www.linkedin.com/in/ranjithkumar-mayavan-926738169/ https://twitter.com/ranjithbreaks - Reported Default login.
  • Rashed Hasan – LinkedIn: https://www.linkedin.com/in/rashedhasan00 Twitter: https://twitter.com/rashed_hasan00 - Reported XSS vulnerabilities.
  • RAVI ASHOK PRAJAPATI - https://twitter.com/raviakp1004 https://www.linkedin.com/in/ravi-prajapati-346b15190 - Reported Cross-site scripting (XSS).
  • Ravi Pavan - linkedin.com/in/contact-pavan - Reported Information Disclosure.
  • Ravi Singh: Reported XSS vulnerability.
  • Ravinsta Antony - Reported Information Disclosure.
  • Ravikumar Paghdal - @_RaviRamesh: Reported Open Redirection.
  • Reinal Shetty - Reported outdated softeware.
  • Rémy Marot - https://twitter.com/r_marot - Reported RCE.
  • rez0 https://twitter.com/rez0__ - Reported Information Disclosure.
  • Riadh Benlamine - https://www.linkedin.com/in/riadh-benlamine-a35106189 / www.facebook.com/riadhbenlamineg - Reported Clickjacking vulnerabilities / Reported Cross-site request forgery (CSRF).
  • Ridoy Khan - Reported Clickjacking.
  • Rihana Shaikh - Website: www.extremehacking.org - Reported several clickjacking vulnerabilities.
  • Rikson Naway - https://twitter.com/riksonnaway1 - Reported HTML/CSS injection.
  • Rishal Dwivedi - fb.com/rishaldwivedi, @rishaldwivedi & Manjot singh - @Manjotsinghg8: Reported xss vulnerabilities.
  • RITAJ SHARMA - linkedin.com/in/ritaj-sharma-578997199 - Reported Clickjacking.
  • Ritik Chaddha - twitter.com/RitikChaddha - Reported several User Enumeration; Information Disclosure 
  • Ritwick Dadhich - linkedin.com/in/ritwickdadhich -ritwick-dadhich.github.io/profile - Reported Security misconfiguration.
  • Robert Kugler - robert.kugler10@gmail.com - Reported OpenRedirect vulnerability.
  • Robin Descamps - https://www.linkedin.com/in/robindescamps- Reported Broken Authentication, Server-side request forgery (SSRF).
  • Robin Lindner - Lindner IT - https://lindnerit.io - Reported Default login.
  • Rodolfo Godalle, Jr. - fb.com/junior.ns1de: Reported XSS vulnerability.
  • Rody Shahnazarian https://twitter.com/komradz86 - Reported Cross-site scripting (XSS).
  • Rohan Agarwal - linkedin.com/in/rohan-agarwal-27265a176 - Reported Security misconfiguration.
  • Rohan Kulkarni - https://www.linkedin.com/in/rohan-kulkarni-6a073979/ - Reported Denial of Service vulnerability.
  • ROHIT SHARMA - linkedin.com/in/rohit-sharma-1386bb1bb - Reported Cross-site scripting (XSS).
  • Ronak Nahar - Reported Information Disclosure.
  • Roy Jansen - https://www.facebook.com/RoyJansen01 - Reported Open Redirect vulnerability.
  • rskvp93 (Viettel Cyber Security) - http://vnprogramming.com - https://twitter.com/rskvp93 - Reported RCE Injection.
  • Rudra16 twitter.com/rudra16t - Reported Information Disclosure.
  • Rudra Karn - @rudra11346926 - Reported Information Disclosure.
  • Rupesh Tanaji Kokare - https://www.linkedin.com/in/rupesh-kokare-b63a78145/ - Reported Clickjacking vulnerabilities.

S

  • S. Venkatesh (Shadow force), Sen Haxor, Rahul Singh(rmar.in), Manoj(Sneaker): SSL ciphers.
  • Sachin Rajput - fb.com/schngahlaut  RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • SADDAM HUSSAIN - https://twitter.com/wisdomfreak1 - Reported Information Disclosure.
  • Sadegh Ahmadzadegan: Blind SQL injection.
  • Saeed Kamranfar - https://www.linkedin.com/in/saeed-kamranfar-8026591a0 - Reported Server-side request forgery (SSRF).
  • SAFA Ayoub - Twitter: @SafaAyoub - Reported information disclosure, RCE and SQLI vulnerabilities.
  • Sahil Saif - @bewithsahilsaif: Clickjacking vulnerability.
  • Sahil Sehgal - @xXSehgalXx - breakingmesh.blogspot.com: Reported Information Disclosure Vulnerability.
  • SAIGANESH MARATI    - https://www.linkedin.com/in/saiganesh-marati-739492214 - Reported several Clickjacking vulnerabilities / Reported Information Disclosure vulnerabilities / Reported HTTP header.
  • Sajal Verma - https://www.facebook.com/sajalpentest: Reported information disclosure vulnerability
  • Sajith Shetty: Reported Clickjacking und Path Disclosure vulnerabilities.
  • Sattar Jabbar - https://www.facebook.com/vipexploiter - Reported Local File Disclosure vulnerabilities.
  • Samet Şahin - https://twitter.com/F4LCONE_/ https://www.linkedin.com/in/sametsahinn/- Reported XSS vulnerabilities.
  • Samprit Das - https://www.linkedin.com/in/samprit-das-9805831a2 - Reported Server-side request forgery (SSRF) / reported Cross-site scripting (XSS) vulnerabilities.
  • Sánchez Garcés - http://enelpc.com - @enelpc: Reported xss vulnerabilities.
  • Sandip Oli https://www.linkedin.com/in/sandip-olee/ https://www.facebook.com/sandip.olee - Reported Information Disclosure and Open Redirect vulnerabilities.
  • SANJAY VENKATESAN  - https://www.linkedin.com/in/sanjay-venkatesan-5a478220b - Reported Information Disclosure.
  • Saphal Karki (kira) - twitter.com/k1ra__ - Reported Server-side request forgery (SSRF).
  • Saravana Kumar V - URL: http://linkedin.com/in/06saravana - Reported an Information Disclosure vulnerability.
  • Sardarescu Louis Aurel - https://www.facebook.com/sardarescu.louisaurel.7 - Reported Self-XSS vulnerabilities.
  • Sasi Levi @ Sasi 2103 - Reported XSS vulnerabilities.
  • Satheesh Raj - https://www.facebook.com/UaA3ks1: Reported XSS vulnerability.
  • Satish Bommisetty - http://www.securitylearn.net: Reported missing X-Frame-Options.
  • Satyam Singh (0xm3hd)- https://twitter.com/m3hd22 - Reported Missing rate limit.
  • Satyasys Tech Private Limited - satyasys.com - Reported Broken Authentication.
  • Satyendra Prajapati - @satty032 - https://twitter.com/satty032: Reported IFrame Injection and XSS vulnerabilities.
  • Saurabh Siddharam Sanmane - https://twitter.com/@saurabhsanmane2 - Reported improper session handling vulnerabilities.
  • Saurabh Saxena - Reported XSS vulnerabilities.
  • Sayeed Shaik - https://www.linkedin.com/in/sayeedshaik/ - https://twitter.com/sayeedm44 - Reported Other.
  • Sebastian Feldmann - Reported HTML Injection.
  • Sebastian Neef - it-solutions-neef.de: Reported XSS vulnerabilities.
  • Sebastian Neef and Tim Schäfers - @internetwache (www.internetwache.org): Reported SQL Injection and XSS vulnerabilities.
  • SecuNinja - http://twitter.com/secuninja - Reported XSS vulnerabilities/ Reported XSS vulnerabilities and misconfiguration of webservers / Reported XSS (Reflected) vulnerabilities, Reported Information Disclosure, Reported Subdomain takeover.
  • Sergio Galán aka NaxoneZ - @NaxoneZ: Reported XST vulnerabilities.
  • @serWazito0 - Reported Cross-site scripting (XSS).
  • Severus Huy Ngo - www.linkedin.com/in/huy-ng%C3%B4-1a9b52282/ - Reported Information Disclosure.
  • Shady Gamal - https://twitter.com/5hady_- Reported RCE Injection.
  • Shahaf Levi - linkedin.com/in/shahaflevi - www.cysrc.com - Reported Cross-site scripting (XSS).
  • Shaikh Yaser Arafat - Twitter.com/yaser_s - Reported Access Policy Misconfiguration.
  • Shaikh Yaser Arafat - https://linkedin.com/in/shaikhyaserarafat/ - Reported default credentials.
  • Shaikh Yaser Arafat - https://twitter.com/yaser_s - https://www.linkedin.com/in/shaikhyaserarafat/ - Critical Information Disclosure.
  • Shaikh Yaser Arafat - https://twitter.com/yaser_s - https://www.linkedin.com/in/shaikhyaserarafat/ - SubDomain Takeover
  • Shaikh Yaser Arafat - twitter.com/yaser_s - Reported default credentials.
  • Shailabh Singh - fb.com/shailabh2 RMAR Technologies Pvt. Ltd. (www.rmar.in): Reflected XSS.
  • Shailendra Singh sachan - https://www.linkedin.com/in/shailendra-singh-sachan-b8205b184 - Reported HTTP header.
  • Shailesh kumavat https://hackerone.com/0x240x23elu https://twitter.com/0x240x23elu - Reported Information Disclosure / Reported Server-side request forgery (SSRF) and Cross-site scripting (XSS) vulnerabilities.
  • Sharanya. M - twitter.com/@SharanyaM_99 - Reported Broken Access Control.
  • Shashank Dixit - Reported a misconfiguration.
  • Shaun Budding - https://twitter.com/pudsec - Reported Information Disclosure.
  • Shay ben tikva - WEB/LINKEDIN/TWITTER/FB - Reported Information Disclosure.
  • Shay Hagai - www.linkedin.com/in/shay-hagai - Reported Information Disclosure.
  • Sherin Panikar - Kerala Cyber Squad-India: Reported vulnerabilities.
  • Shesha Sai C - http://linkedin.com/in/shesha-sai-c-18585b125 - Reported Information Disclosure and Open Redirect.
  • Shivam Kamboj Dattana - https://twitter.com/sechunt3r | https://www.linkedin.com/in/sechunt3r/ - Reported broken authentication mechanism.
  • Shivam Pravin Khambe - linkedin.com/in/shivam-khambe-9a982b180/ - https://twitter.com/ShivaRa42316756 - Reported Host header injection.
  • Shivam Shrivastav (Laalaji) -   https://twitter.com/shubshrivastav?t=M-qxJ-jWbxIL2gs34FLNHA&s=09 https://www.linkedin.com/in/shivam-shrivastav-laalaji  - Reported Information Disclosure, Other, Default login.
  • Shivang Trivedi  https://www.linkedin.com/in/shivang-trivedi-a149b2190/ - Reported Remote Code Execution (RCE).
  • Shobhit Gautam: Authentication issues.
  • Shpend Kurtishaj - @shpendk: Open redirect.
  • Shrikant Antre - @shrikant_hell: Reported Clickjacking Attack.
  • Shubham Garg - twitter.com/nullb0t - Reported Information Disclosure.
  • Shubham Singh Jijania, kush_kira, kushkira, Paypal.me/kushkira - Reported Possible DoS Attack.
  • Shwetabh Suman - @SHWETABHSUMAN11/ https://www.facebook.com/profile.php?id=100011024580051 - Reported CSP bypass vulnerability.
  • Sibusiso Sishi https://twitter.com/sibusisosishi - Reported Information Disclosure.
  • Siddharth Prasad - LinkedIn - https://www.linkedin.com/in/siddharth-prasad-3b0310151 - Reported Default login / Reported Server-side request forgery (SSRF) vulnerabilities / Reported Clickjacking vulnerabilities / Reported Unsecured communication vulnerabilities / Reported Information Disclosure and HTTP header  vulnerabilities.
  • Simon Bräuer - @redshark1802: Reported SQL Injection, RCEs, XSS, auth bypass, Clickjacking and Information Disclosure vulnerabilities.
  • Simone Memoli twitter.com/Simon90_Italy: Reflected XSS.
  • Sireesha: Reported XSS vulnerability.
  • six2dez - six2dez.com / Six2dez (@Six2dez1) / Twitter - Reported Remote Code Execution (RCE), Server-side request forgery (SSRF), Cross-site scripting (XSS), Reported Information Disclosure.
  • Sönke Behrendt - Repoted vulnerability in Speedport firmware.
  • Soham Lad - linkedin.com/in/soham-lad-8a336020a - Reported Information Disclosure.
  • soman verma - twitter.com/somanverma13 - Reported Missing rate limit.
  • Souhaib Naceri - https://www.linkedin.com/in/souhaib-naceri - Reported Information Disclosure.
  • Souvik Mondal - https://www.linkedin.com/in/souvik-mondal-8b3a0a1b3/ - Reported Security misconfiguration.
  • spookhorror - Reported Broken Access Control.
  • Spyridon Chatzimichail - https://gr.linkedin.com/in/spyridon-chatzimichail-07467928 - Reported XSS Vulnerabilities.
  • Srikar V https://linkedin.com/in/exp1o1t9r exp1o1t9r.com - Reported Information Disclosure.
  • Sriram Naidu: Reported XSS vulnerability.
  • Ştefan Cicoş - Stefan Cicos (@StefanCicos) / Twitter - Meldung von Cross-site scripting (XSS) Schwachstellen.
  • Stefan Schurtz – www.darksecurity.de : Reported XSS vulnerabilities.
  • Steven - https://twitter.com/keritzy - Reported XSS vulnerabilities.
  • subhasish mukherjee https://www.linkedin.com/in/subhasish-mukherjee-40208b29/ - Reported Other.
  • Sudhir Gaikwad - http://facebook.com/suhas00001: Reported XSS vulnerabilities.
  • Suhas Sunil Gaikwad - https://fb.me/suhas00001: Reported XSS vulnerabilities.
  • Sumit Grover - twitter.com/sumgr0 - Reported Subdomain takeover, Cross-site scripting (XSS).
  • Sumit Sahoo - www.facebook.com/54H00: Reported XSS und Path Disclosure vulnerabilities.
  • Sunil Modi: Reported Logout CSRF (Cross Site Request Forgery) vulnerabilities.
  • Suraj Bhosale - linkedin.com/in/suraj-bhosale-876b2937 - Reported Cross-site scripting (XSS).
  • Suresh Nadar - https://twitter.com/snadar73 - Reported Cross-site scripting (XSS).
  • surg4bij4k - https://webpentester.com/ - Reported SQL injection.
  • Surprise Adepitan - Twitter: @catchmeifyuucan - Reported Unrestricted file upload.
  • Suyash Bavalekar - https://bugcrowd.com/Suyash_777 - Reported Clickjacking vulnerabilities.
  • Suyog Palav (S.P.) - facebook.com/suyog.palav & linkedin.com/in/suyog-palav - Reported security mechanism bypass.
  • Sven Großmann - twitter.com/svennergr / https://grossmann.dev - Reported Critical Information Disclosure.
  • Sven Morgenroth - @asdizzle_ http://asdizzle.com/ - Reported XSS vulnerabilities.
  • Swapneil Kumar Dash - https://in.linkedin.com/in/swapneil-dash-7256a5b0 - Cross Site Scripting.
  • Swapnil A. Thaware - @swapnilthaware: Reported CSRF and Clickjacking vulnerabilities.

T

  • Tahmid Islam - https://twitter.com/tahmidnil - Reported Server-side request forgery (SSRF) / Reported Broken Access Control.
  • Talha Gunay - https://twitter.com/redStarP2 - Reported SQL injection, Cross-site scripting (XSS).
  • Tameem Khalid– https://www.linkedin.com/in/tameem-khalid-641a4b192/ - Vulnerability Disclosure
  • Tarun Mahour - https://twitter.com/sratarun?s=09 / https://www.facebook.com/tarunhacks - Reported XSS vulnerabilities.
  • Tarunkant Gupta (SpyD3r) - https://twitter.com/TarunkantG - Reported Remote Code Execution (RCE).
  • T4 - http://twitter.com/llt4l - Reported multiple vulnerabilities.
  • Taufique Azad - taufique@indianhans.org (www.facebook.com/tauazad): Reflected XSS.
  • Tcaciuc Bogdan Vasile - https://twitter.com/xenonxesece - Reported XSS vulnerabilities.
  • Tejash Patel - @tejash1991: Open Redirect.
  • Teemu Kääriäinen - https://www.nixu.com - Reported Remote Code Execution vulnerabilities.
  • Th. Michael Eißele: Multiple XSS vulnerability.
  • Thierno Diop  - Reported outdated and vulnerable software.
  • TightropeMonkey - https://tightropemonkey.dev/ - Reported Broken Authentication.
  • Tijo Davis - https://www.linkedin.com/in/tijo-davis-a906a7141 - Reported Clickjacking, Host Header Injection, HTTP connection, Session Management misconfiguration, XML-RPC vulnerabilities and CSRF vulnerabilities.
  • Tim Philipp Schäfers - IT Consulting Schäfers: Reported XSS vulnerabilities.
  • Tim Wranik - IT-EXPERT - tw@it-expert.de - Reported multiple VoIP Phone firmware vulnerabilities.
  • Timo Lins - www.timolins.at: Reported XSS vulnerabilities.
  • Tobias Holl - https://tholl.xyz/ - Reported Cross-site request forgery (CSRF), Broken Authentication, Remote Code Execution (RCE).
  • Tobias Lins - @tobiaslin5: Reported XSS vulnerabilities.
  • Tomas Labuda (Tomas.Labud@gmail.com): Reported SQL injection.
  • Tommy Elco Geraldi https://www.linkedin.com/in/tommyelcogeraldi/ - Reported Clickjacking, Cross-site scripting (XSS) and Information Disclosure / Reported Server-side request forgery (SSRF) vulnerabilities
  • Tran Gia Phu - Reported Remote Code Execution (RCE).
  • tuo4n8 - VNG Security Response Center@VNG Corporation - https://vsrc.vng.com.vn/ - Reported Remote Code Execution (RCE).
  • Tushar Rajhans Kumbhare: Reported XSS vulnerability.
  • Tushar Sharma - https://www.linkedin.com/in/tushar-sharma-700657139/ - Reported Text Injection vulnerabilities.
  • Tushar Vyas - @iamtusharvyas - Reported several Information Disclosure / Reported User Enumeration / Reported HTTP header vulnerabilities / Reported path traversal vulnerabilities.
  • Tusuubira Emmanuel (kenjoe41) - twitter.com/kenjoe41 - Reported Information Disclosure / Reported User Enumeration.

U

  • Udhaya Prakash - https://www.facebook.com/udhayaprakash.isro, https://www.linkedin.com/in/udhayaisro  - Reported RCE.
  • Umraz Ahmed - www.twitter.com/umrazahmed: Reported XSS vulnerabilities.
  • un_kn0wn - twitter.com/W3ld35u5W - Reported Information Disclosure / Reported Path traversal vulnerabilities.
  • Usama Shahzad - https://www.linkedin.com/in/usama-shahzad/
    Regards - Reported Default login vulnerabilities.

V

  • Vaibhav Khatke-  https://in.linkedin.com/in/javaibs- Reported HTML Injection.
  • Vaibhav Lakhani - twitter.com/vlakhani28 - linkedin.com/in/vaibhav-lakhani - Reported Clickjacking, cross-site scripting (XSS) and security misconfiguration / Reported Information Disclosure and Data manipulation / Reported Broken Access Control / Reported Information Disclosure / Reported User Enumeration / Reported User Enumeration.
  • Vaibhav Nitin Gaikwad - linkedin.com/in/vaibhav-gaikwad-55071b152 - Reported Information Disclosure.
  • Vaidik Pandya (h4x0r_fr34k) - linkedin.com/in/vaidikpandya - Reported Default login and Cross-site scripting (XSS) / Reported Server-side request forgery (SSRF) vulnerabilities.
  • Valeriy Shevchenko https://twitter.com/Krevetk0Valeriy https://krevetk0.medium.com - Reported Remote Code Execution (RCE).
  • Varun Kakumani - Internshala.
  • Vasil A. - https://twitter.com/flexxpoint: Reflected XSS.
  • Vasim Shaikh - https://www.linkedin.com/in/vasim-shaikh-094507110 - https://twitter.com/Vasimsk49 - Reported multiple vulnerabilities.
  • Vasu Deva: Reported Full Path Disclosure vulnerabilities.
  • Vedachala - @vedachalaka: Reported clickjacking vulnerability.
  • Vedachala & Ajay Negi: Reported XSS vulnerability.
  • Vedant Shinde https://www.linkedin.com/in/vedantshinde15 - Reported Clickjacking.
  • VEDHA PRAKASH ACHARY TALLOJU - @iamvedhaprakash - Reported Clickjacking vulnerabilities / Reported HTTP Header Injection vulnerabilities.
  • Veli-Pekka Vainio: Reported XSS vulnerability.
  • Venkata Sateesh Netti - https://twitter.com/str4n63r - Reported Other.
  • Venkateswara Reddy Yaruva & Abhijeth D - Reported XSS vulnerabilities.
  • Venugopal Thotakura - @venugopalt: Reported XSS vulnerability.
  • Victor Curălea - https://twitter.com/VictorCuralea/  - Reported Remote Code Execution (RCE).
  • Vikas Arora - fb.com/vicky.arora.756412 RMAR Technologies Pvt. Ltd: (www.rmar.in): Reflected XSS.
  • Vikash Chaudhary - URL: www.hackersera.in- Reported XSS vulnerabilities.
  • Vikas ShivChandra Yadav - Twitter: @iamvikasyadav: Reported clickjacking vulnerabilities.
  • Vikas Srivastava, India - linkedin.com/in/007vikaxh - twitter.com/007vikaxh - Reported Information Disclosure / Reported User Enumeration / Reported HTTP header and Broken Access Control  and text Injection/context spoofing vulnerabilities.
  • Vinayak Chaturvedi - linkedin.com/in/vinayak-chaturvedi-348b071a1 - Reported Clickjacking.
  • Vindhyachala: CSS.
  • Vineet Kumar - https://bughunter.withgoogle.com/profile/80ae25f5-877d-4402-94e8-7902cacdb4b9 - Reported incorrect DNS entries.
  • Vinesh N. Redkar - @b0rn2pwn AVsecurity.in: Open Redirect, Click Jacking.
  • Vinit Lakra - linkedin.com/in/vinithacker - Reported several HTTP header, Broken Access Control, Broken Authentication vulnerabilities / Reported Clickjacking, Reported Open Redirect, Reported Broken Access Control / Reported HTTP header / Reported Missing rate limit/ Reported several Clickjacking, Reported Information Disclosure / Reported HTML/CSS injection vulnerabilities and Cross-site scripting (XSS) / Reportet Default login vulnerabilities.
  • Vinod Kumar Deekonda - Reported Information Disclosure.
  • Vinod Tiwari - @war_crack: Reported clickjacking vulnerability.
  • Vinod Tiwari & Sumit Shinde: Reported ClickJacking and CSRF vulnerabilities.
  • Vinod Tiwari & Himanshu Thakur: Reported XSS vulnerabilities.
  • v1nzen - https://twitter.com/2021_neo - Reported Path traversal, Reported Broken Access Control.
  • Virang (imwaiting18) - linkedin.com/in/rajyaguruvirang - Reported Information Disclosure.
  • Vishal Barot https://twitter.com/vflexo - Reported Cross-site scripting (XSS).
  • Vishnu Raghav - https://www.linkedin.com/in/vishnu-raghav-783162171 - Reported Open Redirect.
  • Vismit Sudhir Rakhecha - twitter.com/th3_druk - Reported Cross-site request forgery (CSRF).

W

  • Wai Yan Aung – @waiyanaun9: Reported IP-address disclosure
  • Wan Ikram (@rinakikun): Content Spoofing & URL Redirection.
  • Wang Jing - http://tetraph.com/wangjing/ - @justqdjing: Reported open redirect vulnerabilities.
  • Waqeeh Ul Hasan - Twitter: @dowaqeeh: xss vulnerabilities.
  • Wasi Qazi: Reported XSS vulnerability.
  • Web Security Geeks, Narendra Bhati (R00t Sh3ll) - @NarendraBhatiB: Reported directory listing vulnerability.
  • Wen Bin Kong - @kongwenbin / https://www.linkedin.com/in/kongwenbin - Reported XSS vulnerabilities.
  • Wesley Santos - https://www.linkedin.com/in/wesley-santos-34984815b/ - Reported Server-side request forgery (SSRF).
  • Whitesector from Serbia - URL: https://whitesector.wordpress.com, Twitter: https://twitter.com/DistrictWhit3 - Reported an open redirect vulnerability.
  • WSecure - We Secure IT - http://www.wsecure.de - Reported> XSS/MiTM/HSTS/CSP
  • wtm - http://offensi.com - Reported directory listing / information disclosure vulnerabilities.

X

  •  

Y

  • YAHYA JABER ALABDALI - https://www.linkedin.com/mwlite/in/yahya-alabdli - Reported Cross-site scripting (XSS).
  • Yakup Sait B. and Ekin Yazıcı - https://twitter.com/YakupSaitByk, https://twitter.com/yzcekin - Reported Missing rate limit.
  • Yaranis Fonseca - @GordonShomway01: Reported XSS vulnerabilities.
  • Yash kushwah - (@cyberyash951) Linkdin: https://www.linkedin.com/mwlite/in/yash-kushwah-a80449229 - Reported Information Disclosure and User Enumeration..
  • Yash Pandya - www.facebook.com/yash.hacking: Reported XSS vulnerabilities and Information Disclosure.
  • Yasir Altaf Zargar Website - www.cybercoderss.blogspot.com: Reported XSS vulnerabilities.
  • Yasser Janah https://www.linkedin.com/in/yasserjanah/- Reported Remote Code Execution (RCE).
  • Yebo Cao  - https://www.linkedin.com/in/yebocao/ - Reported several Information Disclosure.
  • Yogeesh Seralathan - @y0g1337h: Reported XSS vulnerabilities.
  • Yogesh Modi - facebook.com/mistercracker: CSRF.
  • Yousef Mohamed - linkedin.com/in/yousef-mohamed-124484203 - Reported Default login and Cross-site scripting (XSS) vulnerabilities, Security misconfiguration.
  • Youssef ABYAA - https://twitter.com/josef0x - Reported Open Redirect vulnerabilities.
  • Youssef Ahmed (yghonem) - https://www.facebook.com/yghonem14 - Reported Missing rate limit vulnerabilities.
  • Youssef A. Mohamed - generaleg0x01.com - Reported Arbitrary File Upload.
  • Y. Srikanth - entersoft.co.in: Reflected XSS.
  • Yuji Kosuga - @yujikosuga: Reported XSS vulnerability.
  • Yukesh Kumar [ 3th1c_yuk1 ] - Reported Information Disclosure / 
  • Yunus AYDIN https://twitter.com/aydinnyunuss - Reported Information Disclosure / Reported SQL Injection / Reported Possible DoS Attack.
  • Yunus YILMAZ - https://twitter.com/ynsy34 - Reported XSS (Reflected) vulnerabilities / Reported Open Redirect / Reported Security misconfiguration.

Z

  • Zachary S. Stashis @Nu11ifidian https://redseersecurity.com/  https://www.linkedin.com/in/zacharysstashis/ - Reported several Information Disclosure and several Open Redirect vulnerabilities / Reported HTTP header vulnerabilities / Reported Broken Access Control.
  • Zakaria Amous - https://www.linkedin.com/in/zamous - Reported XSS vulnerabilities.
  • Zax Asif - twitter.com/itsZ4X - Reported Information Disclosure.
  • Zehra Karabiber - https://twitter.com/ezehrakarabiber -  Reported XSS Vulnerability.
  • Zeyad Azima https://www.linkedin.com/in/zeyad-abdelazim-1357911a7/ - Reported Cross-site request forgery (CSRF).
  • Zhenwarx - Twitter.com/ZhenwarX - Reported Information Disclosure; Open Redirect.
  • Zin Min Phyo facebook.com/zinminphy0 - Reported Clickjacking.
  • Zoltan Panczel - https://twitter.com/SilentSignalHU - Reported XXE and File Inclusion vulnerabilities.
  • ZSEC Red Team - https://hackerone.com/zalogroup - Reported Server-side request forgery (SSRF).
  • Zythop - twitter.com/HaboubiAnis - Reported Path traversal.

0-9

  • 13ph03nix - twitter.com/13ph03nix - WEB/LINKEDIN/TWITTER/FB - Reported Cross-site scripting (XSS).
FAQ