Nikhil S.

Awarded for exceptional lifetime achievement, consistent professionalism and high-quality service in the Synack Red Team. https://www.synack.com/blog/our-cyber-heroes-announcing-the-2020-21-synack-recognition-winners-on-the-synack-acropolis/

All time #1 on Synack in India and #6 in world

Awarded each year to recognize SRT who perform at the most elite level, as determined by overall production and customer impact.

Awarded each year to recognize SRT who invest time and effort to further the overall culture & researcher experience for the community.

https://acropolis.synack.com/inductees/niksthehacker/

Awarded each year to recognize SRT who generate impressive value, as determined by overall production and customer impact.

Link: https://acropolis.synack.com/inductees/niksthehacker/

press release:

https://www.prnewswire.com/news-releases/synack-announces-crowdstrike-dominos-general-dynamics-information-technology-just-eat-and-santander-uk-as-most-trusted-security-leaders-of-2019-300815347.html?tc=eml_cleartime

https://acropolis.synack.com/inductees/niksthehacker/

https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c

CVE-ID: CVE-2018–15805

https://nvd.nist.gov/vuln/detail/CVE-2018-15546

https://acropolis.synack.com/inductees/niksthehacker/

https://www.synack.com/hack4levels/

https://hackerone.com/hackathons/hacktheworld2017

https://www.synack.com/srt-leaderboard/

https://acropolis.synack.com/inductees/niksthehacker/

https://trust.salesforce.com/en/security/thank-you/

A Formula Injection fixed by Magento in their latest Community and Enterprise Edition

Issue Details:
https://magento.com/security/patches/supee-7405

https://www.etsy.com/bounty/hall_of_fame.php

Microsoft rewarded and acknowledged for finding multiple vulnerabilities inside Microsoft Office 365 and Yammer.

http://technet.microsoft.com/en-us/security/dn469163.aspx

A remote code execution vulnerability discovered in Umbraco CMS (http://umbraco.com/)

reference:
https://github.com/Umbraco/Umbraco-CMS/commit/cad06502235acabf7fb7dca779d2f78f08547e39

CVE-Details:
CVE-2014-10074

Vertical Privilege Escalation vulnerability has been discovered in umbraco CMS

Issue Details:
http://issues.umbraco.org/issue/U4-5891

CVE-ID
yet to assign

phpMyFAQ contains a flaw that is due to the program failing to restrict users from downloading arbitrary attachments. With a direct request, a remote attacker can download attachments.

CVE-ID: CVE-2014-6048

PHPMyFAQ contains a flaw that is triggered as the program fails to properly enforce the 'download an attachment' permission. This may allow a remote attacker to download arbitrary attachments that would otherwise be restricted.

CVE-ID: CVE-2014-6047

PHPMyFAQ contains a flaw that is triggered as CAPTCHA values are not reset or invalidated allowing a remote attacker to re-use the same code over and over to bypass subsequent CAPTCHA challenges.

CVE-ID: CVE-2014-6050

PHPmyfaq version 2.8.12 and earlier contains an Insecure direct object reference vulnerability. An admin having privilege to delete any FAQ multi-site master instance.

CVE-ID: CVE-2014-6049

PHPmyfaq version 2.8.12 and earlier contains a SQL Injection vulnerability through the restore function. This functionality is only executable by admin or other users with special permissions.

CVE-ID: CVE-2014-6045

PHPmyfaq version 2.8.12 and earlier contains CSRF vulnerabilities.

CVE-ID: CVE-2014-6046

WordPress Plugin Wordfence security version 5.1.4 and possibly earlier versions contain cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter val of whois.php file.

CVE details:
CVE-2014-4932

CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities (CWE-79)

Vulnerability Notes:
http://www.kb.cert.org/vuls/id/405942

CVE details:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7317

https://www.teslamotors.com/about/security

Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability. The vulnerability is well coordinated and published by cert here

Vulnerability Notes:
http://www.kb.cert.org/vuls/id/450646

CVE Details:
CVE-2013-6022

https://www.mozilla.org/en-US/security/bug-bounty/web-hall-of-fame/

A program by Deutsche CERT, Reported multiple high and medium severity vulnerabilities. For more info http://www.telekom.com/security/acknowledgements

Found some Serious Multiple Vulnerabilities in Barracuda Services, As a token, they rewarded me with huge bounty.

CubeCart 5.2.3 stable release was having Critical security vulnerability, which has been reported and hence coordinated a fix by me, Please visit the following link for more info

http://forums.cubecart.com/topic/47719-cubecart-524-released/

They had acknowledge my contribution Publically.

CVE-ID details:
CVE-2011-4550

More Information:
http://osvdb.org/show/osvdb/109045
http://techdefencelabs.com/security-advisories.html

Responsibly disclosed vulnerabilities including high and critical severity across yahoo domains, hence rewarded by Yahoo.

Found and Reported WordPress 3.6 Security Vulnerability to wordpress via Secunia

The Advisory had been published

Secunia Link:

secunia.com/community/advisories/54803

CVE details:

CVE-2013-5738

More Information:
http://osvdb.org/show/osvdb/97214
http://techdefencelabs.com/security-advisories.html

Found and Reported multiple vulnerabilities to Squidoo Security Team , as token they rewarded me with token amount and acknowledgement.

https://bughunter.withgoogle.com/profile/d96dbeaa-3347-4ff8-978f-7bd2ecafcc75

Awarded to the top 3 researchers from each level every month in recognition of their exceptional contributions and engagement on platform.

https://portswigger.net/polls/top-10-web-hacking-techniques-2018