Hall of Fame

While no Bug Bounty Reward Program is currently in place for this site, I would like to express my gratitude and recognition to researchers who have helped make this site safer.

  • Feb '26 : Yash Jare Found unecessary IBAN information in one document of the hosted sites

  • Jan '26 : Sahil More -- Insecure HTTP Access via Direct IP Address.

  • Jan '26 : Aryan Malhotra -- Discovery of global XSS vulnerability.

  • Oct '25 : Khaja Masthan Shaik found archived file with exposed credentials.

  • Sept '25 : Netipalli Manoj Kumar found exposed Google API key.

  • Sept '25 : Santosh Bobade discovery of reflected XSS vulnerability.

  • Sept '25 : Rushikesh Chaudhari found file with exposed credentials.

  • Sept '25 : Md. Fahim Shakil Chowdhury server version disclosure.

  • Sept '25 : Independantly Shubham Sanjay Deshmukh and Gaurang maheta identified missing missing HTTP security headers.

  • Jan '25 : Rivek Tamang editable document found in published content by a club.

  • Jan '25 : Pallavi Pandey clickjacking vulnerability.

  • Oct '24 : Akhil C.D. Open redirection issue (minor).

  • Oct '24 : Parth Narula phpBB issues.

  • Sep '24 : Gaurang Maheta discovery of an info vulnerability.

  • Apr '23 : Nguyen Khanh Thuan (VNCS GLOBAL VIET NAM) discovery of XSS vulnerability.

  • Jan '23 : Nguyen Hoang Quoc An (HTC Global VietNam) -- Discovery of XSS vulnerability.

  • Jan '23 : Nguyen Phu Hung -- Directory Listings.

  • Oct '22 : Gaurang Maheta pointed to an outdated server config used for backup..

  • Feb '22 : Ravi Prajapati (LinkedIn, OpenBounty)-- Discovery of XSS vulnerability.

  • Feb '22 : Sainath -- Discovery of XSS vulnerability.

  • Feb '22 : Chirag Prajapati, Cybertix -- Discovery of XSS vulnerability.

  • Feb '22 : Shivam Khambe & Mayank Mukhi -- Discovery of general clickjacking vulnerability.

  • Feb '22 : Shivam Khambe -- Discovery of lack of configuration to reduce risk of email spoofing (SPF).

  • Feb '22 : Omkar Korekar -- Discovery of files exposing some server configuration information.



All security issues may be reported to Thierry Sourbier : webmaster@onlinetri.com