Zishan Ahamed Thandar

Bug Bounty Hunter in Kolkata, India

I am a bug bounty hunter and coder from Kolkata, India. I completed my B.Tech in Automotive Engineering at 2015 from MAKAUT, WB. My interests range from web development to Hacking.

Hall of fame:

1. LFI on ctfportal 2018/01/12 Bug: LFI in ctf which can lead to Info disclosure. Site rebuilded

2. Xiaomi HoF https://sec.xiaomi.com/fame?year=2018&month=02 2018/02/11 Bug: not disclosed

3. Oracle Reflected XSS bug accepted on 16 March 2018. HoF 17 April https://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

4. Asana mail recieved MAR 23, 2018 | Bounty recieved 29 March 2018

5. Acknowledged by Google | added to Google honorable mention on 27 April https://bughunter.withgoogle.com/rank/hm/

6. Clickjacking on Mail.ru reported on 22nd May | bounty recieved 23rd May| public disclosure on june 8th https://hackerone.com/reports/355774

7. Stored XSS on Edmodo swag rewarded on 17 sept, 2018 | swag recieved on 29 Sept, 2018 | PoC video https://youtu.be/izeXqGpYEx8 |Writeup https://link.medium.com/c1kOpwiqEV

8. Reflected XSS on Yahoo Japan Recieved Thanks on 31st October,2018

9. Reflected XSS on Yahoo.net Got Hof on 1st November, 2018 | Got AOL HoF https://contact.security.aol.com/hof/

10. 1st time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi reported on 18 dec,18 |Acknowledged on 19 Dec, 18

11. 2nd Stored XSS on Edmodo swag rewarded | swag recieved on 13 feb, 2019 | PoC video https://youtu.be/qsRTDMfzD24 |WriteUp https://medium.com/p/fe2ee559e00d

12. 2nd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi + Admin Panel Takeover reported on 5 March, 19 |Acknowledged on 6 March, 19

13. 3rd time Acknowledged by Bangladesh govt (BGD e-GOV CIRT) |SQLi + information disclosure reported on 5 March, 19 |Acknowledged on 6 March, 19

14. 3rd Bug on Edmodo swag rewarded on 17 sept, 2018 | swag received on 29 Sept, 2018

15. PostNL HoF on 17 April, 19 https://www.postnl.nl/en/responsible-disclosure/

16. Dutch Govt Swag | Rewarded on 4th April | Received on 9th May, 19

17. ASRC Hackerone "METAL MEDAL OF HONOR" on 13 May, 19 | HoF https://hackerone.com/alibaba/thanks/2018 rank 25

18. McDelivery bounty through ecodes voucher | Business logic flaw | reported on 8th April | Rewarded on 22nd May

19. Rewarded certificate of Appreciation from PAYTM on 26 June, 19


Lang: PHP, JAVA, Python, Python, MySQL, HTML5, CSS3, JavaScript, JQuery

Codecademy.com/ZishanAdThandar

Sololearn.com/Profile/4174745

See more at: http://zishandownloadfree.blogspot.com/2012/09/zishanbsnsmn_18.html

  • Education
    • Maulana Abul Kalam Azad University of Technology