Bug hunters program

We've created a bug hunting program on OpenBugBounty that allows us to improve the security and reliability of Litmind thanks to the reports that passionate security experts send us.

Paid rewards for our OpenBugBounty program are closed for the moment; for now we're rewarding hunters only with an entry in the Hall of fame and a written recommendation on their openbugbounty.org profiles. We will reopen our paid rewards soon, once we're sure we can compensate all of them adequately. Meanwhile, thank you to all the hunters who helped us during the bloodbath!

Hunters hall of fame

These are the hunters that contributed to the improvement of the security and reliability in our reign by discovering the secret dens where bugs were hidden and slaying them to the joy and admiration of all Litmind users. Their courage and deeds will be remembered with honor and respect:

  • Kshitiz Raj
    This brave hunter discovered that the bug he found some time ago wasn't completely dead after all, and came back to help us exterminate it. The bug has been exterminated and checked to be completely dead.
  • Gaurav Kumar
    This knight found a bug of the XSS species that could allow an attacker to redirect users to a site of their liking, execute arbitrary JavaScript and do other nasty stuff. The bug has been exterminated.
  • Anjali Prakash
    Found a bug that might allow an attacker who had discovered a user's password to keep access to that user's account even after the user changed the password, if the user changed it without being logged in. The bug has been exterminated.
  • Tushar Rasam
    Found some dead links that might allow an attacker to get those expired domains and impersonate the original owners. The bugs have been exterminated.
  • Kshitiz Raj
    He found a nest where three XSS bugs were hiding that might've allowed an attacker to redirect a user to a phishing site or similar. The bugs have been exterminated.
  • Ayush Mangal
    He found a bug that could allow a malicious user to send many invitation, signup or account cancellation emails very fast, bothering other people in their inboxes and incurring extra costs for us. The bug has been exterminated.
  • Vikas Srivastava, India
    Reported a bug that might've been used by an attacker to perform certain kinds of phishing attacks. The bug has been exterminated.
  • Virendra Tiwari
    Found a bug that might've allowed an attacker to learn some interesting information about the web server. The bug has been exterminated.
  • Gaurav Ghule
    Found a bug in our email server configuration that might've allowed an attacker to send emails impersonating Litmind and have those emails land in the user's mailbox as non-spam. The bug has been exterminated.
  • Pranav Yadav
    Found a bug that might allow users to send account activation emails without limits, which might've flooded our email server and caused unexpected costs. Also found a bug that, under certain conditions, might've allowed an attacker to see the profile edit page of the user who used the computer before him, after that user had logged out. Found some XSS-type bugs that might allow an attacker to impersonate a user. Found a vulnerability in our email server that might've allowed an attacker to carry out a phishing attack. The bugs have been exterminated.
  • Aakash
    Found a vulnerability that allowed users to set passwords that were too easy to guess, and a vulnerability that would allow an attacker to sign up other users very fast and bother them via email. The bugs have been exterminated.
  • Pranav Yadav
    He found a small but annoying bug that might've allowed an attacker to run up charges in our Google account by exploiting our Maps API key. Also found a bug that might've allowed an attacker to send a flood of emails that might've also caused unexpected extra costs. The bug has been exterminated.
  • Yousuf Khan
    Found a tricky bug that could allow attackers to bypass the requirement to provide a signup authorization document when it is required. The bug has been exterminated.
  • Febin Mon Saji
    Febin found a nest of three bugs: one that might've allowed an attacker to create web pages that would send invitations to users, a little one that might expose some juicy information about the site's backend technology, and a weird third one that would allow a specific kind of social engineering attack. The entire nest of bugs has been exterminated.
  • Prathamesh Surekha Prakash Pawar
    He found a bug that could allow an attacker to check if a certain user has an account. The bug has been exterminated.
  • Shekhar Nandal
    This honorable knight found a bug that could allow an attacker who had also hacked a user's email account to change the user's password by reusing old password reset links, even after the user changed the email account's password. The bug has been exterminated.
  • Taha
    Found a slimy XSS bug that could allow an attacker to execute JavaScript in the user's browser via the login form. The bug has been exterminated.
  • Gorgutz
    Found a bug that might allow an attacker to compromise the database using blind SQL Injection. The bug has been exterminated.
  • Shivam Pravin Khambe
    Found a stubborn bug that might've allowed an attacker to gain access to a user account by stealing the user's cookie information after the user logged out. The bug has been exterminated.
  • k0t
    K0t found an elusive bug that might've allowed XSS-type attacks in URL redirections. The bug has been exterminated.
  • Prathamesh Surekha Prakash Pawar
    After a long search, Prathamesh found a bug that would allow an attacker to regain access to a compromised account even after the user changed his password, if the attacker had also compromised the user's email account. The bug has been exterminated.
  • Gorgutz
    Found a bug that could allow an attacker to take over another user's account. The bug has been exterminated.
  • Shlok Amana
    Found two bugs that might allow attackers to keep access to a compromised user account even when the user changes their email or password, if the attackers have also compromised the user's email account. The bugs have been exterminated.
  • GM Auntor and Shlok Amana
    Found a bug that could allow an attacker to send emails to users by brute-forcing the password recovery form. The bug has been exterminated.
  • Febin Mon Saji
    Found a bug that would allow CSRF attacks via the profile edit form, a bug that would allow an attacker to redirect a user to an external website and a bug that would allow an attacker to gain followers via a CSRF attack. The bugs have been exterminated.
  • devl00p
    Found a bug that would allow XSS attacks when using links that require authentication. The bug has been exterminated.