Responsible Disclosure Hall of Fame

This page contains the Hall of Fame, with a (mostly up-to-date) list of all the people who have reported security issues to us. It is a direct result of our responsible disclosure policy, which we implemented in December 2012, modeled after the work of Floor Terra. This has directed a lot of eyes towards our infrastructure, which spotted a lot of tiny details we would otherwise have missed. While we regularly scan our own infrastructure using automated tools, there are things a human will spot but a scanner will miss. Having more eyes on the infrastructure means these irregularities are spotted too, allowing us to provide a more secure environment for our customers, visitors and ourselves.

Reported issues

September 2018
Publicly exposed services with certain vulnerabilities and a default configuration, discovered by hogarth45 and Ben Sadeghipour (@nahamsec), rewarded with a ThinkGeek gift card and a donation to Room to Read.
December 2017
Deprecated Acceptance Site Exposed discovered by Victor Angelier (https://thecodingcompany.se), rewarded with a €50 gift card for Getdigital (#3173)
September 2017
Dom-based XSS discovered by Guifre Ruiz (https://guif.re), rewarded with a 50€ gift card (#2914)
July 2017
Mixed Image Content discovered by Glen Baker, rewarded with a $50 gift card for Thinkgeek (#2603)
June 2017
Reflected XSS discovered by Wen Bin Kong (@kongwenbin, https://linkedin.com/in/kongwenbin) rewarded with a t-shirt (#2634)
October 2016
Information disclosure vulnerability in www.schubergphilis.com discovered by Amjad Kabhad, rewarded with a T-shirt (#724)
September 2016
Undisclosed privilege escalation in a central account, discovered by 2 anonymous researchers, rewarded with a €100 donation to Room to Read (#1732)
December 2015
Missing clickjacking protection, discovered by Suresh Thiyam, rewarded with a T-shirt (#1038)
November 2015
SSL misconfiguration discovered by Daniyal Nasir (http://www.zetrew.com), rewarded with a €100 donation to Room to Read (#969)
June 2015
Host header injection discovered by Yassine Aboukir (http://www.yassineaboukir.com) rewarded with a t-shirt (#723)
January 2015
Cross Site Scripting discovered by Osama Mahmood, rewarded with a t-shirt (#626)
SSL configuration issue discovered by an anonymous researcher, rewarded with a t-shirt (#606)
September 2014
XSS via referrer header discovered by Osama Mahmood, rewarded with a t-shirt (#500)
Autocomplete on password field, discovered by an anonymous researcher, rewarded with a €100 donation to Room to Read (#501)
Version disclosure, discovered by an anonymous researcher, rewarded with a €100 donation to Room to Read (#508)
August 2014
Same site scripting, discovered by MTK, rewarded with a t-shirt (#479)
June 2014
Incorrectly secured session cookie, discovered by abhiramThak, rewarded with a t-shirt (#437)
May 2014
Multiple Cryptographic issues, discovered by S.Venkatesh, rewarded with a t-shirt (#385)
Incorrect SSL configuration photos.schubergphilis.com, discovered by Ch. Muhammad Osama rewarded with a t-shirt
Backup files on website, discovered by an anonymous researcher, rewarded with a t-shirt (#410)
Weak SSL config, discovered by an anonymous researcher, rewarded with a t-shirt (#410)
Weak SSL config, discovered by an anonymous researcher, rewarded with a t-shirt (#411)

May 13, 2014 – Relaunch of schubergphilis.com & cupfighter.net, built in PHP on a Symfony 2.0 framework

May 2014
TRACE allowed in Flash file, discovered by Dushyant Sahu, rewarded with a t-shirt (#384)
Domain Hijacking vulnerability, discovered by Prayas Kulshrestha, rewarded with a donation for Room to Read (#352)
XSS in seccubus.com Contact Form plugin, discovered by Shubham Gupta, rewarded with a t-shirt (#381)
TRACE method in seccubus.com, discovered by Muhammad Talha Khan, rewarded with a t-shirt. (#382)
XSS in seccubus.com, discovered by Muhammad Talha Khan, rewarded with a t-shirt. (#392)
April 2014
Apache information Disclosure, discovered by Muhammad Talha Khan, rewarded with a t-shirt. (#307)
March 2014
Yogesh Modi – 12 individual findings – rewarded with several t-shirts and a donation to Room to Read (various tickets)
January 2014
Information Disclosure vulnerability, discovered by Basavaraj, reward pending (#230)
Mail spoofing vulnerability, discovered by Prayas Kulshrestha, reward pending (#237)
Information Disclosure via parsable backup files in schubergphilis.com, discovered by Siddhesh Gawde, reward pending (#242)
No XFO on a VPN webinterface, discovered by Prayas Kulshrestha, reward pending (#244)
XSS on seccubus.com, discovered by Rodolfo Godalle, Jr., rewarded with a € 100,- donation to Room to Read (#304)
February 2014
Open Dir listing in v2.seccubus.com, discovered by Florindarck of Romanian Security Team, rewarded with a t-shirt (#309)
March 2014
Click Jacking vulnerability, discovered by Hari Krishnan, rewarded with a t-shirt (#338)
November 2013
CSRF in seccubus.com discovered by Jatinpreet Singh, reward pending (#208)
CSRF in cupfighter.com discovered by Siddhesh Gawde, reward pending (#209)
DOM XSS vulnerability in photos.schubergphilis.com discovered by Siddhesh Gawde, reward pending (#210)
Name servers software version exposure discovered by Jatinpreet Singh, reward pending (#218)
December 2013
Clickjack vulnerability in service.schubergphilis.com discovered by Yogesh Modi, rewarded with a € 100,- donation to Room to Read (#227)
Open redirect in photos.schubergphilis.com, discovered by Siddhesh Gawde, reward pending (#233)
October 2013
XSS on www.cupfighter.net via double encoded URL discovered by Sahil Saif, rewarded with a t-shirt (#163)
XSS on www.schubergphilis.com discovered by Sudhanshu Chauhan, rewarded with a € 100,- donation to Room to Read (#175)
XSS on www.schubergphilis.com discovered by Sergey Bobrov of Positive Technologies rewarded with a t-shirt (#176)
Failure to clean up DNS records led to vulnerable servers being visible in our infrastructure discovered by Narendra Bhati (R00t Sh3ll) of Cyber Octet Pvt. Ltd. rewarded with a t-shirt (#182)
Clickjack vulnerability in xxx.schubergphilis.com discovered by  Siddhesh Gawde rewarded with a t-shirt (#194)
Directory listing vulnerability and a clickjacking vulnerability in www.seccubus.com discovered by Hammad Shamsi, rewarded with a t-shirt (#195 and #200)
Directory listing vulnerability in www.seccubus.com discovered by Siddhesh Gawde reward pending (#196)
Zone transfer not prohibited, discovered by Adam Ziaja rewarded with a t-shirt (#199)
September 2013
Cookie/session handling vulnerability in xxx.schubergphilis.com discovered by an anonymous researcher, reward pending (#136)
Cross Site Request Forgery in xxx.schubergphilis.com discovered by Siddhesh Gawde rewarded with a t-shirt (#129)
Information disclosure vulnerability in jira.schubergphilis.com discovered by Kamil Sevi rewarded with a t-shirt (#137)
HTML injection in xxx.schubergphilis.com discovered by Siddhesh Gawde rewarded with a t-shirt (#148)
Clickjack vulnerability on xxx.schubergphilis.com discovered by Devesh Bhatt, rewarded with a t-shirt (#155)
XSS on www.schubergphilis.com via flash discovered by Gökmen Gureşçi, rewarded with a t-shirt (#157)
August 2013
Information disclosure vulnerability in www.schubergphilis.com discovered by Javid Hussain rewarded with t-shirt (#31)
Three cross site scripting vulnerabilities in www.schubergphilis.com discovered by Jon of Bitquark Security Research rewarded with two t-shirts and a € 100,- donation to Room to Read (#35)
XSS on www.schubergphilis.com discovered by Frans Rosén of Detectify rewarded with a € 100,- donation to Room to Read (#36)
The same XSS on www.schubergphilis.com also discovered by Sergey Markov rewarded with a t-shirt (#39)
Another XSS on www.schubergphilis.com also discovered by Sergey Markov rewarded with a t-shirt (#45)
Three SSL issues and two click jacking issues discovered by Ankit Bharathan rewarded with two t-shirts (#52) & (#54)
XSS in photos.schubergphilis.com discovered by Siddhesh Gawde rewarded with a t-shirt (#58)
WAF configuration issue discovered by Arpit Gupta as well as Mariano Di Martino and Prakhar Prasad all three rewarded with a t-shirt. (#60) and (#113)
CSRF issue on xxx.schubergphilis.com discovered by Tejash Patel rewarded with a € 100,- donation to Room to Read (#109)
Click Jack vulnerability on xxx.schubergphilis.com discovered by Siddhesh Gawde rewarded with a t-shirt (#119)
Stored XSS on xxx.schubergphilis.com discovered by Siddhesh Gawde rewarded with a € 100,- donation to Room to Read (#122)
July 2013
Clickjacking vulnerability on SSL VPN device discovered by Surya Kumar rewarded with a t-shirt (#10)
XSS in www.schubergphilis.com via flash discovered by Darius Petrescu and (akkiliON) rewarded with a t-shirt (#11)
Information disclosure via error page on jira.schubergphilis.com discovered by Atul Shedage rewarded with a € 100,- donation to Room to Read (#12)
Insecure SSL renegotiation on SSL VPN and missing cross domain policy on photos.schubergphilis.com discovered by Harsha Vardhan Bappana (#14)
Clickjacking vulnerability in photos.schubergphilis.com discovered by Tushar Kumbhare of Defencely, rewarded with a € 100,- donation to Room to Read (#16)
XSS in www.schubergphilis.com discovered by SimranJeet Singh rewarded with a t-shirt (#17)
Clickjacking vulnerability in news.schubergphilis.com discovered by Javid Hussain rewarded with t-shirt (#18)
Clickjacking vulnerability in jira.schubergphilis.com discovered by Jigar Thakkar of Infobit rewarded with a t-shirt (#20)
Content spoofing in xxx.schubergphilis.com discovered by Jay Turla rewarded with a t-shirt (#21)
XSS on www.schubergphilis.com discovered by Olivier Beg rewarded with a t-shirt (#22)
June 2013
XSS in photo.schubergphilis.com discovered by Florindarck of Romanian Security Team rewarded with a t-shirt (#9)
May 2013
Cross Site Scripting vulnerability (XSS) in www.schubergphilis.com discovered by Yaroslav Olejnik – O.J.A. rewarded with a t-shirt (#7)
XSS in www.schubergphilis.com discovered by Danish Tariq and Ali hassah ghauri rewarded with a t-shirt (#8) 
