This repository has been archived by the owner on Dec 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy paththanks.txt
31 lines (30 loc) · 2.84 KB
/
thanks.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# We would like to thank the following:
# [yyyy-mm-dd] Name -- description
[2024-10-31] Ariel Rachamim Omri Inbar - reported a subdomain takeover vulnerability on 2 GOV.UK services
[2024-09-04] Darshan Naresh Naik - reported a HTML Injection vulnerability in a GOV.UK service
[2024-05-18] Dejaun Barker (exss) - reported a Subdomain Takeover vulnerability in a gov.uk service
[2024-03-14] Miguel Segovia Gil (miguelse) - reported a Missing Rate-Limiting Control in a gov.uk service
[2024-02-08] Sushmita Poudel (sushmita_poudel) - reported a Cross-Site Request Forgery in a gov.uk service
[2024-01-29] Jeewan Bhatta (itsjeewan) - reported a Cross-Site Request Forgery in a gov.uk service
[2024-01-29] Jeewan Bhatta (itsjeewan) - reported a Insecure Direct Object Reference in a gov.uk service
[2024-01-29] Boya Vamshi Krishna (bittu_vamshi_) - reported a Open Redirect vulnerability in a gov.uk service
[2023-12-31] Sheyko Andrey (kennebecriver) - reported a sub-domain takeover vulnerability for Cabinet Office service
[2023-12-28] Suvam Adhikari (WHOISshuvam) - identified improper authorization in a gov.uk development instance
[2023-12-18] Swapnil Kothawade - identified multiple access control misconfigurations in a gov.uk service
[2023-12-10] Swapnil Kothawade - identified access control misconfigurations in a gov.uk service
[2023-11-24] Swapnil Kothawade - identified access control misconfigurations in a gov.uk service
[2023-11-19] Omkar Tawade - reported a security misconfiguration in a GOV.UK domain
[2023-06-12] D4rkrai - reported a refelected XSS vulnerability in a GOV.UK hosted site
[2023-06-07] Christophe Tafani-Dereeper -- reported a security misconfiguration in a GOV.UK AWS service
[2023-05-16] Rajesh Thapa -- potential takeover vulnerability within data.gov.uk prototype
[2023-04-11] Sanjok Karki(thesanjok) -- reported a Sensitive Information Disclosure vulnerability to Cabinet Office
[2023-02-03] Mitchell Robson -- reported a sub-domain takeover vulnerability for Cabinet Office services
[2022-12-01] Corrie Sloot -- found DNS misconfiguration for Government Communication Services
[2022-10-10] Ilie Alexandru -- reported a XSS vulnerability in a GOV.UK hosted site
[2022-10-05] Souvik Kandar -- found a security misconfiguration for the civil service learning platform
[2022-06-06] Tom Samson -- potential vulnerability to Log4j exploit in GOV.UK hosted application
[2022-06-06] Michael Minchinton -- cached URLs linking to sensitive files on a GOV.UK service
[2022-05-27] Ayush Juneja -- potential vulnerability with GOV.UK contact forms
[2022-01-17] Mohd.Danish Abid -- potential directory security misconfiguration on gdscareers.gov.uk
[2021-07-21] Artem Smotrakov -- potential timing attack on GOV.UK Pay Webhook signature checks
[2020-02-11] Jonathan Leitschuh -- potential MITM using HTTP to resolve some GOV.UK Pay Maven dependencies