Zishan Ahamed Thandar

Bug Bounty Hunter in Kolkata, India

I am a bug bounty hunter and coder from Kolkata, India. I completed my B.Tech in Automotive Engineering at 2015 from MAKAUT, WB. My interests range from web development to programming. I am also interested in technology and entrepreneurship.

You can click the button above to hire me. If you’d like to get in touch, feel free to say hello through any of the social links below.

Hall of fame:

1. LFI on ctfportal 2018/01/12 Bug: LFI in ctf which can lead to Info disclosure. Site rebuilded

2. Xiaomi HoF | Bounty not got till now| https://sec.xiaomi.com/fame?year=2018&month=02 2018/02/11 Bug: not disclosed

3. Oracle Reflected XSS bug accepted on 16 March 2018. HoF 17 April https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

4. Asana mail recieved MAR 23, 2018 | Bounty recieved 29 March 2018

5. Acknowledged by Google | added to Google honorable mention on 27 April https://bughunter.withgoogle.com/rank/hm/

6. Clickjacking on Mail.ru reported on 22nd May | bounty recieved 23rd May| public disclosure on june 8th https://hackerone.com/reports/355774

7. Stored XSS on Edmodo swag rewarded on 17 sept, 2018 | swag recieved on 29 Sept, 2018 | PoC video https://youtu.be/izeXqGpYEx8

8. Reflected XSS on Yahoo Japan Recieved Thanks on 31st October,2018

9. Reflected XSS on Yahoo.net Got Hof on 1st November, 2018 | Got AOL HoF https://contact.security.aol.com/hof/

10. 1st time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi reported on 18 dec,18 |Acknowledged on 19 Dec, 18

11. 2nd Stored XSS on Edmodo swag rewarded | swag recieved on 13 feb, 2019 | PoC video coming soon

12. 2nd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi + Admin Panel Takeover reported on 5 March, 19 |Acknowledged on 6 March, 19

13. 3rd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi + information disclosure reported on 5 March, 19 |Acknowledged on 6 March, 19



Sample php mysql Projects:



PHP, JAVA, Python, Python3, MySQL, HTML5, CSS3, JavaScript, JQuery, bootstrap, WordPress, pen testing, Web Application Testing.



See more at: http://zishandownloadfree.blogspot.com/2012/09/zishanbsnsmn_18.html

  • Education
    • Maulana Abul Kalam Azad University of Technology