Zishan Ahamed Thandar

Bug Bounty Hunter in Kolkata, India

I am a bug bounty hunter and coder from Kolkata, India. I completed my B.Tech (2015) in Automotive Engineering from MAKAUT, WB. My interests range from web development to hacking.

Achievements:

1. LFI on ctfportal 2018/01/12 Bug LFI. Site rebuilt

2. Xiaomi HoF https://sec.xiaomi.com/fame?year=2018&month=02 2018/02/11

3. Oracle Reflected XSS bug accepted on 16 March 2018. HoF 17 April https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

4. Asana mail received MAR 23, 2018 | Bounty received 29 March 2018

5. Acknowledged by Google | added to Google honorable mention on 27 April https://bughunter.withgoogle.com/rank/hm/

6. Clickjacking on Mail.ru reported on 22nd May | bounty received 23rd May https://hackerone.com/reports/355774

7. Stored XSS swag received on 29 Sept, 2018 | PoC video https://youtu.be/izeXqGpYEx8 | Writeup https://link.medium.com/c1kOpwiqEV

8. Reflected XSS on Yahoo Japan Received Thanks on 31st October, 2018

9. Reflected XSS on Yahoo.net Got HoF on 1st November, 2018 | Got AOL HoF https://contact.security.aol.com/hof/

10. 1st time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) | SQLi reported 19 Dec, 18

11. 2nd Stored XSS on Edmodo swag received on 13 Feb, 2019 | PoC video https://youtu.be/qsRTDMfzD24 | Writeup https://medium.com/p/fe2ee559e00d

12. 2nd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) | SQLi + Admin Panel Takeover 6 March, 19

13. 3rd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) | SQLi + information disclosure 6 March, 19

14. 3rd Bug on Edmodo swag 17 Sept, 2018

15. PostNL HoF on 17 April, 19 https://www.postnl.nl/en/responsible-disclosure/

16. Dutch Govt Swag | Rewarded on 4th April | Received on 9th May, 19

17. ASRC (alibaba.com) Hackerone "METAL MEDAL OF HONOR" on 13 May, 19 | HoF https://hackerone.com/alibaba/thanks/2018 rank 25

18. McDelivery bounty through ecodes voucher | Business logic flaw | reported on 8th April | Rewarded on 22nd May

19. Rewarded certificate of Appreciation from PAYTM on 26 June, 19

20. Instamojo got bounty on 15 July

21. Received bounty from ATT 31 July

22. Zoho HoF https://bugbounty.zoho.com/bb/info

23. Acknowledged by NCIIPC (Govt of India)

24. Hively HoF
https://support.teamhively.com/general-use/i-found-a-bug-what-should-i-do/ August 19

25. EC Council HoF
https://www.eccouncil.org/bug-bounty/hall-of-fame/ August 26

26. finefriends HoF
https://finefriends.social/security/hof August 30

27. Got bounty from pay-box.in

Lang: PHP, Java, Python, MySQL, HTML5, CSS3, JavaScript, jQuery

  • Education
    • Maulana Abul Kalam Azad University of Technology