Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

Platform update: please use our new authentication mechanism to securely use the Open Bug Bounty Platform.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
 1,706,133 coordinated disclosures
1,384,084 fixed vulnerabilities
1,992 bug bounty programs, 3,887 websites
47,256 researchers, 1,653 honor badges

OpenBugBounty.org  >  Security Researchers  >  gdattacker

gdattacker | Security Researcher Profile


Security researcher gdattacker has already helped fix 601 vulnerabilities.



Researcher reputation:  760

Real name:
Gaurav Kumar

About me:
Gaurav Kumar, A Security Researcher From India Who Loves To Make The Web A Safer Place For Everybody By Reporting Any Security Vulnerability I Found Online. Contact Details Mentioned Below.

PayPal & Payoneer e-mail: [email protected]
BTC Address: 3P1tao8sycwbJmCPFkueJG4ErJg8zrkxbp

Contact email:
[email protected] https://twitter.com/gdattacker https://facebook.com/drago4344 https://www.linkedin.com/in/gdattacker

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Paypal, Amazon card, BTC, Swags, Gifts. After all, it takes a lot of efforts and time to find Security Vulnerabilities :)

Halls of Fame:
Facebook, Google, Apple, Sony, Freelancer, United Nations Organisation, Pluralsight, Envato, Abacus, Castbox, Jet, inflectra, CodePen, FanDuel, ISC2.nl, JPmorganChase, ledger.. etc.

Follow me on:
Twitter

Ethics and Rules:
Gaurav Kumar is required to abide by the ethics and rules of the Open Bug Bounty project. If you reasonably believe that rules are not respected, please report this to us.

Recommendations and Acknowledgements | Full List:

@sczid     6 November, 2020
    Twitter sczid Zentraler Informatikdienst from University of Vienna:
Dear gdattacker,

The University of Vienna would like to thank you for your valuable contribution in finding a website security issue. Your input is highly welcome and helps to raise the security level of our educational institution.

Servus and greetings from Vienna, Austria.
@TinNguy54963117     23 September, 2020
    Twitter TinNguy54963117 Tin from American Water:
Thank you for the accurate and quick response in disclosing our vulnerability. This was done in a professional and responsible manner through the bug bounty program, giving us time to remediate.
@satcharts     24 September, 2019
    Twitter satcharts Peterson :
Thank you for helping make our website more secure.

We really appreciate it. Keep up the good work!
@HRZUni_MR     17 July, 2023
    Twitter HRZUni_MR Andreas Leder from Philipps University Marburg:
Dear gdattacker,

The Philipps University Marburg would like to thank you for your valuable contribution in finding a website security issue. Your input is highly welcome and helps to raise the security level of our educational institution.

Regards from Marburg, Germany.
@cb_ximo     25 October, 2021
    Twitter cb_ximo Kino from pista3.com:
Thank you for helping to make our site more secure
@diogenesverlag     13 October, 2021
    Twitter diogenesverlag Susanne from Diogenes Verlag:
Thanks a lot for reporting this bug and thus making our site more secure.
@showmypc     11 October, 2021
    Twitter showmypc showmypc.com from ShowMyPC:
Thanks for your reporting and making our platform secure. We appreciate your work!
@giroud_francois     10 October, 2021
    Twitter giroud_francois Giroud from WebLettre:
Thanks a lot for the notification, and for the explanations that allowed us to fix the vulnerability !
@jrkok     7 April, 2021
    Twitter jrkok Security team from afstandmeten.nl:
Thanks for the notification of a specific XSS vulnerability and the detailed background information.
@macports     7 April, 2021
    Twitter macports Rainer Müller from MacPorts:
Thank you for bringing an XSS issue on our site to our attention!
@cpweather     2 January, 2021
    Twitter cpweather Christian from meteoalerte.com:
Thanks for your help in identifying security problem in my website code!
@kushidat     26 December, 2020
    Twitter kushidat Tatsuya Kushida from RIKEN BRC:
Thank you so much for suggesting the vulnerability. The prompt and detailed response helped solve the issues.
@studentdoctor     1 December, 2020
    Twitter studentdoctor Lee from studentdoctor:
Fantastic work by gdattacker, found errors on two of our sites that he helped us test following patching. Thanks!
@studentdoctor     26 November, 2020
    Twitter studentdoctor Lee from studentdoctor:
Identified two CVEs that we responded to immediately. Excellent and friendly communication. Highest recommendation!

Thank you!
@SNTech2     26 November, 2020
    Twitter SNTech2 Steve from Sharenet:
A big thank you for reporting the bug and providing all the information required to quickly fix the bug. Much appreciated and keep up the good work!
@AsictSoc     18 November, 2020
    Twitter AsictSoc Security Operation Center from Politecnico di Milano:
Dear gdattacker,

the SOC of Politecnico di Milano would like to thank you for disclosing us a XSS vulnerability on our infrastructure.
@SteffenBugenha1     18 November, 2020
    Twitter SteffenBugenha1 Steffen Bugenhagen from HeizPellets24:
Thank you for finding a another XSS vulnerability within our Application. The Response was also quick and detailed so it was easy to fix this quickly. Keep up the good work!
@SteffenBugenha1     18 November, 2020
    Twitter SteffenBugenha1 Steffen Bugenhagen from HeizOel24:
Thank you for finding a XSS vulnerability within our Application. The Response was quick and detailed so it was easy to fix this quickly. Keep up the good work!
@recifs     17 November, 2020
    Twitter recifs Philippe Rivière :
Thank you for the security report
@WebShakeRU     10 November, 2020
    Twitter WebShakeRU Artyom from webshake.ru:
Thank for your help with security of my site!
@LeifTher     6 November, 2020
    Twitter LeifTher leif from Gurusoft:
Thank you so much for you quick, detailed and very helpful report!
@LeifTher     6 November, 2020
    Twitter LeifTher leif from Gurusoft:
Thank you so much for you quick, detailed and very helpful report!
@Eiffel_Language     31 October, 2020
    Twitter Eiffel_Language Jocelyn from eiffel.org:
Thank you for your efforts and reporting the XSS vulnerability you found on eiffel.org .
@adridder     28 October, 2020
    Twitter adridder Alexander from inkcoink:
Thank you for your help with this XSS vulnerability on our site. We appreciate the responsible reporting via openbugbounty.
@mako_o9999     23 October, 2020
    Twitter mako_o9999 Masako Okamoto from Kyoto University:
Gdattacker found a XSS problem on one of our websites and reported to us. We were able to solve the problem quickly. Thank you so much!
@amswebs     16 October, 2020
    Twitter amswebs Mike from AMS:
Thank you for your help with this XSS vulnerability. We appreciate the responsible reporting via openbugbounty.
@xlaunay     16 October, 2020
    Twitter xlaunay xlaunay from Daily Connect:
Thank you for identifying and reporting a vulnerability on our site.
@dusalnet     10 October, 2020
    Twitter dusalnet Almas from Blogmn.net:
Thank you for found the XSS vulnerability for my site.
@lorenzoherrera     30 September, 2020
    Twitter lorenzoherrera Loren from Litmind:
Found an XSS vulnerability that escaped us, difficult to filter and find! Thanks to him our site is now more secure. Thank you!
@rus_cert     18 September, 2020
    Twitter rus_cert RUS-CERT from University of Stuttgart:
Thank you so much for you quick, detailed and very helpful report!
@rundumsbaby     4 September, 2020
    Twitter rundumsbaby rundumsbaby from rundumsbaby:
Thank you for the report and the help. Very recommended!
@cloudrexx     4 September, 2020
    Twitter cloudrexx Thomas from Cloudrexx AG:
Thank you very much for making us aware of the issue and providing us a high quality vulnerability report which helped us identify the source of the vulnerability right away.
@kevinBaseCom     20 August, 2020
    Twitter kevinBaseCom Kevin from WDL.com:
Thanks for pointing out the XSS vulnerability
@HoutVasthouden     30 July, 2020
    Twitter HoutVasthouden Woodwize from Woodwize:
Thank you Gaurav for helping us making our website a safer place! You reported a XSS vulnerability on one of our webforms, you gave us very clear information on the issue, so that we were able to fix the bug.
Keep up the good work!
@kkb5mobile     28 July, 2020
    Twitter kkb5mobile Shinichi Ueno from Kagoshima Broadcastiong corporation:
Thank you for pointing out the vulnerability.
Thanks to you, I was able to respond safely.
@RedLeoteca     28 July, 2020
    Twitter RedLeoteca Admin from Leoteca en Red:
Thank you very much for your support and efforts to help us. Highly appreciated.
@SNTech2     10 July, 2020
    Twitter SNTech2 Steve from Sharenet:
A big thanks for notifying us of the bug! Much appreciated.
@newstroll_de     9 July, 2020
    Twitter newstroll_de David from NEWSTROLL:
Thanks for reporting the bug in a very professional manner. We appreciate your work that helps us making our service more secure.
@booksprice     2 July, 2020
    Twitter booksprice Doron from Booksprice:
Thank you for reporting the bug, and the clear details, much appreciated.
@giroud_francois     14 June, 2020
    Twitter giroud_francois Giroud from WebLettres:
Thank you ! Very professional, useful details to reproduce the issue ! Thanks for the help !
@simtkportal     12 June, 2020
    Twitter simtkportal JPK from Simtk.org:
Found an XSS vulnerability on our site. Thank you for the detailed information about the issue and the suggested solutions for fixing.
@bigwavedave_ca     11 June, 2020
    Twitter bigwavedave_ca DaveB from bwd:
Thank you for reporting the XSS vulnerability on my website and for the detailed description of the issue. You are doing good work.
@BuyAndRead     10 June, 2020
    Twitter BuyAndRead BuyAndRead from BuyAndRead:
Thank you for reporting a bug on our website.
@rundumsbaby     8 June, 2020
    Twitter rundumsbaby rundumsbaby from rundumsbaby:
Thank you very much for your help!
@viewbug     26 May, 2020
    Twitter viewbug Jim from ViewBug:
Thank you Guarav! Very professional on checking our site for bugs and for providing the details in such a professional manner. We appreciate your help making our platform more secure
@redicius     26 May, 2020
    Twitter redicius Pavel from vestirna:
Tested my site a lot (according to log :) and found an hidden XSS issue in our site.
Thank you!
@AnimeCons     18 May, 2020
    Twitter AnimeCons Patrick from FanCons:
Reminded us that we had left our beta testing site open to the world. Oops!
@nookkin     13 May, 2020
    Twitter nookkin nookkin from nookkin:
Found some old unsecured pages from 3rd party components on my site. Easy to overlook / forget about, but hackers can still exploit them so it's important to lock them down or remove unused ones. Thanks for helping me make my site more secure!
@plaxiva     12 May, 2020
    Twitter plaxiva Konstantin from plaxiva:
Helped with finding POST XSS vulnerability, recommend as security specialist.
@RuncornLinnets     12 May, 2020
    Twitter RuncornLinnets Steve P from Runcorn Linnets FC:
Identified an XSS issue on our site, and assisted in testing to make sure it was address. We greatly appreciate the assistance, and the speedy responses.
@tnyaritm     7 April, 2020
    Twitter tnyaritm Tamas from Mediashop:
Thank you for supporting us to fix XSS vulnerabilities. You provided detailed report to fix the issue easily.
Thank you again for your efforts!
@christophmoar     5 April, 2020
    Twitter christophmoar Christoph :
Cool and professional contact, quick response, I appreciate your effort.
Thanks!
@gaborvitez     25 February, 2020
    Twitter gaborvitez Gabor :
Found an XSS hole on our site, and provided the information necessary to fix it. Thank you!
@BountyNeuvoo     17 February, 2020
    Twitter BountyNeuvoo Raed from Neuvoo:
Dear,

Thank you for participating in our responsible disclosure program.

You helped us to solve a security vulnerability by informing us directly and delivering comprehensible examples.

We greatly appreciate your assistance in helping us maintain the security of our services.

Best regards
@useyourlocal     13 February, 2020
    Twitter useyourlocal John from Useyourlocal:
Identified an XSS issue in our site and provided instruction on how to replicate. As a result we were able to quickly patch and resolve the issue. Thanks!

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:1508
Total reports on VIP sites:81
Total patched vulnerabilities:601
Recommendations received:55
Active since:25.03.2019

Open Bug Bounty Certificate


Researcher Certificate

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions




No posts in blog yet










  Latest Patched

 02.05.2024 iuclid6.echa.europa.eu
 02.05.2024 capim.pb.gov.br
 01.05.2024 preproduccio...ratos.gov.co
 01.05.2024 siat-sz.edu.cn
 01.05.2024 novosantoantonio.mt.gov.br
 01.05.2024 tmsteam.me
 30.04.2024 myvirtualcar...h.nsw.gov.au
 30.04.2024 myvirtualcar...h.nsw.gov.au
 28.04.2024 pedralva.mg.gov.br
 28.04.2024 novaubirata.mt.gov.br

  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    1 May, 2024
    Mek:
Got a recommendation to fix an SQL injection vulnerability on my website. As I am a hobbyist and my page is a hobby project, I can't offer money, so I am recommending this researcher. Thanks again.
    26 April, 2024
    I_bims_Mike:
Thank you very much for identifying the XSS vulnerability and for our friendly email exchange.
    22 April, 2024
    genoverband:
Thank you for your invaluable help in ensuring the security of our domain and its visitors!
    10 April, 2024
    Mars:
Hatim uncovered a XSS bug that we were able to quickly resolve. Thanks very much for your assistance and help.
    8 April, 2024
    Panthermedia:
Thanks to the support of Hatim Chabik, we were able to identify and solve an XSS bug.
Making Web a Safer Place
Coordinated & Responsible Disclosure
Based on ISO 29147 Guidelines

2023 © OpenBugBounty
  • Follow us