Bug hunters program

We've created a bug hunting program on OpenBugBounty that allows us to improve the security and reliability of Litmind thanks to the reports that passionate security experts send us.

The economically paid rewards of our OpenBugBounty are closed for the moment and we're only rewarding hunters with the addition to the Hall of fame and a written recommendation in their profiles on openbugbounty.org. We will open back soon our paid rewards when we're sure we can compensate all of them adequately. Meanwhile, thank you to all hunters that helped us during the bloodbath!

Hunters hall of fame

These are the hunters that contributed to the improvement of the security and reliability in our reign by discovering the secret dens where bugs were hidden and slaying them to the joy and admiration of all Litmind users. Their courage and deeds will be remembered with honor and respect:

  • Ashish Chaubey
    Ashish found a nasty bug attached to a broken link. The bugs have been exterminated.
  • Sanyam Chawla
    Sanyam found two hidden bugs in the form of broken links. The bugs have been exterminated.
  • Shubham Pandey
    Shubham helped us improving the security at our site by responsibly reporting a security bug he found. The bug has been exterminated.
  • Kshitiz Raj
    Raj the relentless knight defeated four more bugs without any mercy! The bugs have been exterminated.
  • Viren Saroha
    Viren the young knight found various bugs that were hidden beneath some abandoned links. The bugs have been exterminated.
  • Kshitiz Raj
    Raj the knight came back again to slay yet another bug! The bug has been exterminated.
  • Alan Roy
    This brave knight detected suspicious activity of a bug that could've provided an attacker an easier way to try and change user passwords. The bug has been exterminated.
  • Tej Kumar
    This hunter came back to us to tell us about his latests deeds, he found two more bugs and helped us finish them! The bugs have been exterminated.
  • Nehal Pillai
    This honorable knight found a bug that might've allowed an attacker to bomb the password change feature for our users. The bug has been exterminated.
  • Akshay Gaikwad
    Akshay found some hidden bugs of the XSS species buried in our source code, and helped us trap them down. The bugs have been exterminated.
  • Tej Kumar
    This bug hunter found a vulnerability that might've allowed an attacker to see the activity about likes, comments and similar events from other users. The bug has been exterminated.
  • Kinshuk Kumar
    This bug hunter found a bug that might've allowed an attacker to intercept a user's cookie while in an unsecure connection. The bug has been exterminated.
  • Nitesh Singh
    Nitesh found a hidden bug that might've allowed some XSS nasty things to sneak in. The bug has been exterminated.
  • Karan Keswani
    This knight reported a bug that might've allowed an attacker to get files linked to chat messages from other users. The bug has been exterminated.
  • Raajesh.G
    This noble knight found a bug that might've caused a memory exhaustion exploit. The bug has been exterminated.
  • Kshitiz Raj
    This courageous hunter came back to us after his last bug carnage to let us know about some other hidden bugs that he found, that might have allowed an attacker to exploit an XSS and and open redirect vulnerability. The bugs have been exterminated.
  • Siddharth Bose
    Found a bug in our email configuration that might've allowed an attacker to perform a phishing attack. The bug has been exterminated.
  • Sohail Shaikh
    This young and brave knight found an XSS in our user search page. The bug has been exterminated.
  • Taha
    Found a tricky bug from the reflected XSS species in the login page. The bug has been exterminated.
  • Tarlix
    Found a bug that might've allowed an attacker to execute JavaScript code in the user's browsers when they were visiting the photos in the attacker's portfolio. The bug has been exterminated.
  • Febin Mon Saji
    Found a nest of bugs that might've allowed an attacker to get likes from other users, invite other users to groups and similar. The bugs have been exterminated.
  • Md Sameull Islam
    Found an ugly XSS bug that could allow attackers to publish ads on the noticeboard via other user's accounts. The bug has been exterminated.
  • Kshitiz Raj
    This brave hunter found that the bug he found some time ago wasn't completely dead at all, and came back to help us exterminate it. The bug has been exterminated and checked to be completely dead.
  • Gaurav Kumar
    This knight found a bug of the XSS species that could allow an attacker to redirect users to a site of their liking, execute arbitrary javascript and other nasty stuff. The bug has been exterminated.
  • Anjali Prakash
    Found a bug that might allow an attacker to keep access to a user if he discovered his password, even after the user changed his password, if the user changed it without being logged in. The bug has been exterminated.
  • Tushar Rasam
    Found some dead links that might allow an attacker to get those expired domains and impersonate the original owners. The bugs have been exterminated.
  • Kshitiz Raj
    He found a nest where three XSS bugs were hiding that might've caused an attacker to redirect a user to a phishing site or similar. The bugs have been exterminated.
  • Ayush Mangal
    He found a bug that could allow a malicious user to send many invitation, signup or account cancellation emails very fast, bothering other people's inbox and incurring in extra cost to us. The bug has been exterminated.
  • Vikas Srivastava, India
    Reported a bug that might've been used by an attacker to perform certain kinds of phishing attacks. The bug has been exterminated.
  • Virendra Tiwari
    Found a bug that might've allowed an attacker to learn some interesting information about the web server. The bug has been exterminated.
  • Gaurav Ghule
    Found a bug in our email server configuration that might've allowed an attacker to send emails impersonating Litmind and that those emails entered the user's mailbox as non-spam. The bug has been exterminated.
  • Pranav Yadav
    Found a bug that might allow users to send account activation emails without limits, which might've caused flooding in our email server and cause unexpected costs. Also found a bug that, under certain conditions, might've allowed an attacker to see the profile edit page of the user who used the computer after he has logged out. Found some XSS-type bugs that might allow an attacker to impersonate a user. Found a vulnerability in our email server that might've allowed an attacker to send a phishing attack. The bugs have been exterminated.
  • Aakash
    Found a vulnerability that allowed users to set passwords that were too easy to guess, and a vulnerability that would allow an attacker to signup other users very fast and bother them via email. The bugs have been exterminated.
  • Pranav Yadav
    He found a small but annoying bug that might've caused an attacker to cause charges in our Google account by exploiting our Maps API key. Also found a bug that might've allowed an attacker to send a flood attack of emails that might've also caused unexpected extra costs. The bug has been exterminated.
  • Yousuf Khan
    Found a tricky bug that could allow attackers to bypass the requirement to provide a signup authorization document when it is required. The bug has been exterminated.
  • Febin Mon Saji
    Febin found a nest of three bugs that might've allowed an attacker to create web pages that would send invitations to users, a little one that may expose some juicy information of the site's backend technology and a weird third one that would allow for a specific kind of social engineering attacks to be done. The entire nest of bugs has been exterminated.
  • Prathamesh Surekha Prakash Pawar
    He found a bug that could allow an attacker to check if a certain user has an account. The bug has been exterminated.
  • Shekhar Nandal
    This honorable knight found a bug that could allow an attacker to change a user's password by reusing old password reset links if he also hacked his email account, even after the user changes his email account password. The bug has been exterminated.
  • Taha
    Found a slimy XSS bug that could allow an attacker to execute javascript on the user browser via the login form. The bug has been exterminated.
  • Gorgutz
    Found a bug that might allow an attacker to compromise the database using blind SQL Injection. The bug has been exterminated.
  • Shivam Pravin Khambe
    Found a stubborn bug that might've caused an attacker to gain access to a user account by stealing his cookie information after he logged out. The bug has been exterminated.
  • k0t
    K0t found an elusive bug that might've allowed XSS-type attacks in URL redirections. The bug has been exterminated.
  • Prathamesh Surekha Prakash Pawar
    After a long search, Prathamesh found a bug that would allow an attacker to regain access to a compromised account even after the user changed his password, if he also compromised the user's email account. The bug has been exterminated.
  • Gorgutz
    Found a bug that could allow an attacker to takeover another user's account. The bug has been exterminated.
  • Shlok Amana
    Has found two bugs that might allow attackers to keep access to a compromised user account even when they change their email or password, if they have also compromised the user's email account. The bugs have been exterminated.
  • GM Auntor and Shlok Amana
    Found a bug that could allow an attacker to send emails to users by brute-forcing the password recovery form. The bug has been exterminated.
  • Febin Mon Saji
    Found a bug that would allow CSRF attacks via the profile edition form, a bug that would allow an attacker to redirect a user to an external website and a bug that would allow an attacker to gain followers via a CSRF attack. The bugs have been exterminated.
  • devl00p
    Found a bug that would allow XSS attacks when using links that require authentication. The bug has been exterminated.

We use cookies respectfully