Secure Practo - Hall of Fame

Hall of Fame page for thanking security researchers who report security issues

May 22, 2023

Anand Patil reported Insecure Direct Object Reference
Jan 9, 2022

Dhananjaya Kumar N reported Directory Listing Exposing Non Sensitive Data
Dec 26, 2022

Vedant Tiwari, AIIT-Lucknow reported Payment Bypass
Sep 22, 2022

Sahid Ahmad reported Test Credential Exposure via Code
Sep 22, 2022

Jatin Dhankhar reported Test Credential Exposure via Code
Sep 8, 2022

Dip Tarafder reported Spamming
Dec 2, 2021

Yeswanth Reddy reported CRLF Injection
Nov 21, 2021

Subramanian reported Google Maps API Key misconfiguration
Oct 22, 2021

Neeraj Guarav, X-Force Red reported Reflected XSS in Insta
Aug 7, 2021

Dnyanesh Gawande reported EXIF Geolocation Data
Jun 30, 2021

Sourabh Dalodia reported Insecure Direct Object Reference
Jun 29, 2021

Sourabh Dalodia reported Insecure Direct Object Reference
Mar 18, 2021

Ganesh Bagaria reported Potential Subdomain Takeover
Feb 16, 2021

Divya Singh reported CRLF Injection in a subdomain
Jan 30, 2021

Ranjit Pahan reported API Key misconfiguration
Jan 30, 2021

Ranjit Pahan reported Google Maps API Key misconfiguration
Jan 6, 2021

Ashwin V reported Denial of Service
Dec 19, 2020

Staford Titus S reported Session management
Oct 11, 2020

Srikar V reported Reflected XSS in Subdomain
Sep 26, 2020

Omkar Vetal reported Weak Password Reset Implementation
Sep 16, 2020

Ali Hassam reported Spamming
Jul 21, 2020

Prakhar Pipersaniya reported Google Maps API Key misconfiguration
May 28, 2020

Muhammed Korany reported Potential Subdomain Takeover
May 23, 2020

Chakka Sai Teja reported Google Maps API Key misconfiguration
May 9, 2020

Pritam Mukherjee reported Clickjacking
Apr 8, 2020

Shivang Trivedi reported Google Maps API Key misconfiguration
Apr 1, 2020

Vishwas Reddy reported Google Maps API Key misconfiguration
Mar 9, 2020

Sushmitha Katikitala reported HTML Injection
Feb 23, 2020

Saim Sardar reported CAA configuration
Jan 31, 2020

Krishna Chaitanya reported SPF misconfiguration
Dec 20, 2019

Amiya Behera reported Google Maps API Key misconfiguration
Dec 14, 2019

Vikas Rawat reported Reflected XSS
Nov 2, 2019

Sanyam Jain reported Improper Logout
Oct 19, 2019

Anurag Pathak reported Spamming
Sep 15, 2019

Gaurav Popalghat reported Session management
Sep 4, 2019

Ishan Anand reported Session management
Aug 4, 2019

Ambuj Kumar reported Weak bruteforce protection for 2FA
Jul 31, 2019

Joel Verghese reported Stored XSS
Jul 31, 2019

Joel Verghese reported Web Cache Deception
Jul 30, 2019

Pratik Dabhi reported Web Cache Deception
Jul 29, 2019

Joel Verghese reported Reflected XSS
Jul 29, 2019

Joel Verghese reported Broken Admin panel interface
May 3, 2019

Dinesh Dinz reported Potentially Insecure WebView Activity
Apr 29, 2019

Dinesh Dinz reported Improper Logout
Mar 10, 2019

Sanek Larek reported Github wiki unrestricted
Dec 29, 2018

Saurabh Sharma reported Race condition in Cashback
Dec 24, 2018

Raviraj Powar reported Open Redirection
Dec 15, 2018

Mohammed Israil reported Github wiki unrestricted
Nov 21, 2018

Sparrow Hacks reported Clickjacking
Nov 6, 2018

Bhavesh Thakur reported Disclosure of libraries and versions
Oct 15, 2018

Arpit Jain reported Clickjacking
Oct 4, 2018

Arun Kumar reported Clickjacking
Sep 1, 2018

Ratnadip Gajbhiye reported Cookie missing secure flag
Aug 27, 2018

Shivam Kamboj reported Clickjacking
Aug 26, 2018

K.V.Narendra Reddy reported Clickjacking
Aug 24, 2018

Nikhil Bajaj reported Spamming
Aug 8, 2018

Emad Shanab reported Reflected XSS
Jul 30, 2018

Harika Cyberwiz reported Improper Logout
Jul 27, 2018

Anikesh lokhande reported Wordpress Pingback DDoS Attack
Jul 27, 2018

Sahil Mehra reported Clickjacking
Jul 14, 2018

Ishan Anand reported Host injection
Jun 11, 2018

Vinoth Kumar reported JIRA misconfiguration
Apr 28, 2018

Hamid Ashraf reported Session management
Apr 11, 2018

lacroute reported Self-XSS
Mar 28, 2018

xx reported Reflected XSS
Jan 25, 2017

k0t reported Reflected XSS