“Harinder helped us identify a bug where we exposed metrics endpoint. Thanks Harinder for letting us know!”
Activity
-
Happy to secure one more 75th hof Tysm Mayank Gandhi Trilok Dhaked Vinit Lakra Harinder S. checklist i used - (https://lnkd.in/gA6pZag2)
Liked by Harinder S.
-
Happy to secure Apple 74th hall of fame Tysm everyone who helped me in this journey Harinder S. Vinit Lakra Trilok Dhaked Mayank Gandhi
Liked by Harinder S.
-
Another Hall of Fame Achievement! 🎉 Thrilled to share that I’ve been recognized in the Hall of Fame on Roll20.net! 🏆 After dedicating time to…
Liked by Harinder S.
Honors & Awards
-
CVE-2024-47826
https://github.com/elabftw/
Impact
This vulnerability allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message.
This means that injected HTML will appear in a red "alert/danger" box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary JavaScript from this attack.
As such, this attack is deemed low impact.
Patches
Users should upgrade to at least version 5.1.5.
Workarounds
No workarounds, only upgrade.
References
Description of HTML Injection: https://www.acunetix.com/vulnerabilities/web/html-injection/
-
Bounty from INDMoney
INDMoney
https://drive.google.com/file/d/1JNEw2rvcBJMpHAxgCmo3ENq7K_6QtjZs/view?usp=sharing
-
Bounty from Mozilla Firefox
Mozilla
-
Letter of Appreciation from verizon.com
verizon.com
-
Letter of Appreciation from buyerlink.com
buyerlink.com
-
AEM XSS on hyundaiusa.com
hyundaiusa.com
-
Appreciation and 1 month free subscription on roll20.net
roll20.net
-
Appreciation from cbs.nl
cbs.nl
-
Voucher from Times Prime
timesprime.com
Voucher for reporting a vulnerability.
-
1 Year Subscription Gift Card and Appreciation from JetBrains
jetbrains.com
-
Acknowledgement from Basf.com
basf.com
responsible-disclosure@basf.com
-
Acknowledgment from Team Viewer
teamviewer.com
-
Appreciation from Canon
canon.com
Canon
-
Appreciation from dlink.com
security@dlink.com
-
Appreciation from square-enix.com
square-enix.com
DPO@eu.square-enix.com
-
Hall of Fame from evri.com
https://www.evri.com/responsible-disclosure-policy
-
Hall of Fame from phenom.com
phenom.com
cybersecurity@phenompeople.com
-
Acknowledgment from McAfee
mcafee.com
https://www.mcafee.com/support/?page=shell&shell=article-view&locale=en-US&articleId=TS102504
-
Acknowledgment from Infoblox.com
Infoblox.com
https://www.infoblox.com/company/legal/vulnerability-responsible-disclosure-policy/
-
Letter of Appreciation from Dutch Tax and Customs Administration
Dutch Tax and Customs Administration
-
HOF and Swag from BugXS
Bugxs.co
-
Swag from Dutch Judiciary
rechtspraak.nl
-
Swag from hetwaterschapshuis.nl
cert@hetwaterschapshuis.nl
-
Swag from urban.io
urban.io
vulnerabilities@urban.io
-
Swag from Stackhawk.com
Stackhawk.com
-
Thank you mail from barco.com
barco.com
-
Thank you mail from deutschebahn.com
deutschebahn.com
-
Thank you mail from dnanexus.com
security@dnanexus.com
-
Hall of Fame and Swag
https://www.geocod.io/responsible-disclosure-policy/#hall-of-fame
-
Swag from Internet.nl
internet.nl
-
Thank you mail for Finding SSRF on EA Games
https://www.ea.com/security/disclosure
-
Appreciation mail from airbaltic.com
airbaltic.com
-
Appreciation from Unive.nl
https://www.unive.nl/kwetsbaarheid-melden
-
Letter of Appreciation from Weaveworks
Weaveworks
Weave.works
-
Bosch Hall of Fame
Bosch
https://psirt.bosch.com/hall-of-fame/websites-hall-of-fame.html
-
Hall of Fame and Letter of Appreciation from DSPH
dsph.org
-
Hall of Fame from Telefónica Germany
https://bugcrowd.com/telefonicavdp
-
Spotlight Award
FIS
This is awarded by the FIS RISC team to the team member who they believe contributed the most to their success journey.
I was organized, efficient and I worked hard on the right things.
-
Reward and Swag from Zerocopter
Zerocopter
Zerocopter.com
-
Hall of Fame from Rackspace.com
https://www.rackspace.com/information/legal/rsdp
-
Letter of Appreciation from Takealot
https://www.takealot.com/help/responsible-disclosure-policy
-
Swag from Dutch Government
https://www.government.nl/topics/cybercrime/fighting-cybercrime-in-the-netherlands/responsible-disclosure
Reflected XSS
-
Swag from MongoDB
Mongodb
www.mongodb.com
-
Swag from MongoDB
https://www.mongodb.com/security
-
Acknowledgement Mail from Audi Marin
https://www.audimarin.com/responsible-disclosure.htm
-
Acknowledgement Mail from Red-Gate
https://www.red-gate.com/support/security
-
Hall of Fame Citi Bank(Bugcrowd)
Citi Bank
-
Hall of Fame from Knaw.nl
https://www.knaw.nl/en/topnavigatie/contact/responsible-disclosure-2013-hall-of-fame
-
Hall of Fame from Proofpoint
https://www.proofpoint.com/security
-
Hall of Fame from Thumbtack.com
https://help.thumbtack.com/article/responsible-disclosure-policy
-
Hall of Fame from Vice.com
https://www.vice.com/en/page/vice-responsible-disclosure-policy
-
Hall of Fame from Cyso.com
https://cyso.com/en/about/legal/cyso-wall-of-fame/
-
Thank you mail from Apache.org
https://www.apache.org/security/
Found XSS
-
Thank you mail from remote.com
remote.com
Found information disclosure (log details leaked through endpoints)
-
Acknowledgement Mail from ebanx.com
ebanx.com
-
Hall of Fame from Drupal.org
https://www.drupal.org/drupalorg/docs/build/drupalorg-bug-bounty-program#s-thank-you-for-reporting-drupalorg-issues
-
Hall of Fame from easysoftwaredeployment.nl
easysoftwaredeployment.nl
-
Reward from Centralbank.net
centralbank.net
-
Reward from Platform161.com
Platform161.com
Rewarded Twice
-
Acknowledgement Mail from Safesend
http://www.safesend.com/
-
Acknowledgement Mail from Drupal.org
https://lists.drupal.org/mailman/listinfo/security
-
Acknowledgement Mail from Redislab.com
redislabs.com
-
Acknowledgment Mail from Zetetic.net
https://www.zetetic.net/security/
-
Appreciation Mail from York.gov.uk
https://www.york.gov.uk/security
-
Hall of Fame from Redhat.com
https://access.redhat.com/articles/66234
-
Hall of Fame from Wartsila
https://www.wartsila.com/contact/report-vulnerability/hall-of-thanks
-
Hall of Fame from Yesware.com
https://www.yesware.com/security/
-
Valid Bug for Adobe
Hackerone
https://www.adobe.com/trust/security.html
-
Acknowledgement Mail from thethingsnetwork.org
https://www.thethingsnetwork.org/responsible-disclosure
-
Acknowledgement Mail from Cisco
Cisco
Cisco.com
-
Acknowledgement Mail from Dentsu
Dentsu.com
https://www.dentsu.com/policies/responsible-disclosure-policy
-
Acknowledgement Mail from Synaptics
Synaptics
https://www.displaylink.com/contact/security
-
Acknowledgement Mail from thethingsindustries.com
thethingsindustries.com
-
Acknowledgement mail from ebanx.com
ebanx.com
-
Acknowledgement Certificate from Avast
Avast
https://www.avast.com/security
-
Acknowledgment Mail for Reporting 3 Security Issue from NASA
https://www.nasa.gov/vulnerability-disclosure-policy/
-
Appreciation Letter and Hall of Fame from Conclusion.nl
Conclusion.nl
https://www.conclusion.nl/kleine-lettertjes/responsible-disclosure
-
Appreciation Mail and Acknowledgement Letter from RU.nl
ru.nl
https://www.ru.nl/publish/pages/894333/responsible_disclosure.pdf
-
Appreciation Mail from Flightradar24.com
Flightradar24.com
-
Appreciation Mail from Flightradar24
Flightradar24
-
Appreciation Mail from Marklogic
https://www.marklogic.com/security-reporting/
-
Hall of Fame from Blackberry
Blackberry
https://www.blackberry.com/us/en/services/blackberry-incident-response-team
-
Hall of Fame from Forward.de
Forward.de
https://www.burda-forward.de/en/security/
-
Hall of Fame from GE HealthCare
https://www.gehealthcare.com/security/cvd/thanks
-
Hall of Fame from Honeywell
https://www.honeywell.com/us/en/product-security
-
Hall of Fame from Hostbill
https://hostbillapp.com/responsible-disclosure
-
Hall of Fame from Meredith(Hackerone)
Hackerone
Private Hackerone Program
-
Hall of Fame from Pusher
Pusher
https://pusher.com/security
-
Hall of Fame from SAP
https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers#:~:text=Acknowledgments%20to%20Security%20Researchers&text=The%20SAP%20Product%20Security%20Response,'%20and%20partners'%20SAP%20systems.
-
Hall of Fame from Stkkr.nl
https://stkkr.nl/responsible-disclosure/hall-of-fame/
-
Hall of Fame from UU.nl
https://www.uu.nl/en/organisation/information-and-technology-services-its/hall-of-fame-responsible-disclosure
-
Hall of fame from Osisoft
Osisoft
https://pisquare.osisoft.com/s/Blog-Detail/a8r1I000000GvYlQAK/hall-of-thanks
-
Hall of fame from wur.nl
https://www.wur.nl/en/Value-Creation-Cooperation/Information-security.htm
-
Reward from Leaseweb
leaseweb.com
www.leaseweb.com
-
Reward from ZTE.com
ZTE.com
-
Acknowledgement from icsi.co.uk
icsi.co.uk
-
Acknowledgment Mails from NCIIPC (100)
https://nciipc.gov.in/RVDP.html
-
Hall of Fame by Lumc.nl
https://www.lumc.nl/1374429
-
Hall of Fame from Apnic
Apnic.Net
https://www.apnic.net/community/security/apnic-vulnerability-reporting-program/
Reported 2 security issues
-
Hall of Fame from Resmed
Resmed.com
https://www.resmed.com/en-us/security/
-
Hall of Fame from bournemouth.ac.uk
bournemouth.ac.uk
https://cert.bournemouth.ac.uk/hall-of-fame/
-
Hall of fame from Rollbar
https://docs.rollbar.com/docs/responsible-disclosure-policy#contributors
-
Acknowledgement Letter from Huawei
Huawei
Letter of Appreciation for reporting 3 bugs ethically
-
Acknowledgement Mail from Vodafone
Vodafone
Reported 4 Valid Bugs
-
Appreciation and Reward from Nike
Nike
Appreciation and Reward
-
Appreciation from Kore Wireless
https://www.korewireless.com/responsible-disclosure-policy
They don't have any bug bounty program. But they appreciate the hard work.
-
Appreciation from Acer
Acer.com
Appreciation for Reporting bugs and making their site more secure.
-
Appreciation from NXP
www.nxp.com
Offered Appreciation and Gratitude
-
Hall Of Fame Google
Google
https://www.google.com/about/appsecurity/hall-of-fame/archive/
-
Hall Of Fame from FineFriends.social
FineFriends.social
https://finefriends.social/security/hof
-
Hall of Fame Asus
Asus
Hall of Fame on Asus
-
Hall of Fame Broadcom
https://www.broadcom.com
https://www.broadcom.com/support/security-center/security-thanks
-
Hall of Fame Knb.nl
Knb.nl
https://www.knb.nl/responsible-disclosure-hall-of-fame
-
Hall of Fame Philips
Philips
Hall of Fame for reporting 5 bugs ethically.
https://www.philips.com/a-w/security/coordinated-vulnerability-disclosure/hall-of-honors.html
-
Hall of Fame Springer Nature
Springer Nature
https://www.springernature.com/gp/info/disclosure
-
Hall of Fame T-Mobile.com
T-Mobile.com
https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/acknowledgements-358300
-
Hall of Fame T-Mobile.cz
T-Mobile.cz
https://www.t-mobile.cz/bug-bounty/zed-slavy/
Reported 4 valid bugs
-
Hall of Fame from Inflectra.com
inflectra.com
https://www.inflectra.com/Company/Responsible-Disclosure.aspx
-
Hall of Fame from United Nations
United Nations (U.N.)
https://unite.un.org/content/hall-fame
Name added twice
-
Hall of Fame from Veriff
Veriff
Hall of Fame from Veriff.com
-
Hall of fame from T-Mobile.sk
T-Mobile.sk
https://www.telekom.sk/wiki/ostatne/program-bug-bounty
-
Letter of Appreciation from HTC
HTC
Letter of Appreciation for submitting 2 bugs ethically.
-
Letter of Recognition NS1.com
NS1.com
Letter of Appreciation and Swag
-
Reward from Abnamro
Abnamro.nl
Rewarded for reporting bugs on their website ethically.
-
Reward from Channable.com
channable.com
Reward from channable.com
-
Reward from LeaseWeb
Leaseweb
Rewarded in €€€ for reporting a security issue on LeaseWeb ethically.
-
Reward from Sociality.io
Sociality.io
Reward from Sociality.io
-
Appreciation from Gasunie
Letter of Appreciation from gasunie.nl for reporting 2 severe bugs ethically on their website twice.
-
Hall of Fame from Flipkart
Flipkart
Hall of Fame from Flipkart
-
Letter of Appreciation Channable
Channable Security Team
Letter of Appreciation and bounty for reporting a bug on their website ethically.
-
Acknowledgement Mail from Daimler
Daimler
https://www.daimler.com/whitehat/
-
Acknowledgement Mail from fendi.com
https://www.fendi.com/us/info/legal-area/responsible-disclosure-policy
-
Acknowledgement from iex.ec
infra@iex.ec
-
Appreciation Letter from Rowan University
https://support.rowan.edu/sp?id=kb_article_view&sys_kb_id=4ba47ee4dbda6700c262fbec0f96199b#:~:text=Where%20do%20I%20report%20security,edu%20and%20click%20Get%20Help.
-
Hall of Fame from Medal TV
Medal TV
https://megacool.medal.tv/security
-
Hall of Fame from Powerassist.nl
https://www.powerassist.nl/security-hall-of-fame
Hall of Fame from Powerassist.nl
-
Hall of Fame from Stedin.net
Stedin.net
https://www.stedin.net/responsible-disclosure/gemelde-en-opgeloste-kwetsbaarheden
-
Hall of Fame from Trendmicro
https://success.trendmicro.com/vulnerability-response
-
Hall of Fame from edas.info
https://edas.info/doc/disclosure.html
-
Hall of Fame from fountain.com
https://www.fountain.com/security
-
Hall of Fame from mmc.nl
https://mmc.nl
Hall of Fame from https://mmc.nl
-
Reward from Redwolf
Redwolf.in
-
Swag from Centr.org
Centr.org
-
Thank you mail from Leiden.nl
https://gemeente.leiden.nl/responsible-disclosure/
Recommendations received
1 person has recommended Harinder
More activity by Harinder
-
Just a week ago, I started my cybersecurity journey with TryHackMe, mastering the basics and diving into real-world applications. Without wasting…
Liked by Harinder S.
-
#Hiring - Looking to hire candidates to join the #RedTeam at #HDFCBANK Candidates with strong experience in Red Team Assessments, & MITRE ATT&CK…
Liked by Harinder S.
-
🚀 2024: A Year of Growth and Gratitude in My Hacking Journey This year has been nothing short of extraordinary in my bug bounty journey: 1️⃣…
Liked by Harinder S.
-
I’m incredibly honored to be recognized as one of the Top 10 Security Researchers of 2024 on the Com Olho platform. A huge congratulations to my…
Liked by Harinder S.