Acknowledgment of those who have helped us to secure Bosch Websites.

Junting Zhu (@testert1ng)

Broken link hijack

Atul Sanjay Hadgal (Atul Hadgal)

SSRF

Thilo Mohri (Thilo Mohri)

2x Subdomain Takeover

courte66 e4366eolywrgpidfbio (@Twitter_e4366eolywrgpidfbio)

Sensitive Data Exposure

Gokul Raju

Weak Credentials

MustafaSky

Insufficient Anti-Automation

Thilo Mohri (Thilo Mohri)

2x Subdomain Takeover

Patrick Lang (Patrick Lang)

14x Sensitive Information Exposure

Denial of Service

3x XSS

Remote Code Execution

SQL injection

Vikas Srivastava, INDIA (@007vikaxh)

Sensitive Information Exposure

Tolgahan Demirayak (Tolgahan Demirayak)

Sensitive Information Exposure

Pam_sec

2x Sensitive Information Exposure

Mohammed Fadhl Al-Barbari (@m4dm0e)

Sensitive Information Exposure

Reflected XSS

SQL injection

courte66 e4366eolywrgpidfbio (@Twitter_e4366eolywrgpidfbio)

3x Sensitive Information Exposure

Remote Code Execution

Server Missconfiguration

Aravind Valugonda (@iaravindv)

Improper Access Control

Abhiraj Krishnan (@KrishnanAbhiraj, LinkedIn Profile)

Denial-of-Service (DoS)

3x Broken Link Hijacking

2x Sensitive Information Exposure

Arbitrary file upload

Tushar Balu Shinde (Tushar Shinde)

Clear Text Password Submission

Junting Zhu (@testert1ng)

6x Reflected XSS

2x Reflected XSS

2x Subdomain Takeover

Insecure Direct Object References (IDOR)

Application-wide CSRF

Open Redirect

Akash H.C (Akash H.C)

Sensitive Information Exposure

Hamid Rezaei @ ZharfPouyan Toos (Xer0Days)

Observable Response Discrepancy

Improper Authentication

2x Insecure Direct Object Reference

Sensitive Information Exposure

Ismail Tasdelen (Ismail Tasdelen)

Improper Authentication

Reflected XSS

Unauthorized Access to Services (API/ Endpoints)

Sensitive Information Exposure

Husain Murabbi (@husain-murabbi-cyberhumans) Mansoor Rangwala (@mansoor-rangwala-cyberhumans)

Subdomain Takeover

Srikar V (@exp1o1t9r)

Sensitive Information Exposure

MelarDev (@melardev)

Subdomain Takeover

Lu William Hanugra @ Vantage Point Indonesia (hanugra)

2x Server Side injection

Diwakar Kumar (Diwakar Kumar)

Insufficient Anti-Automation

Steve Nyan Lin (Steve Nyan Lin)

SQL injection

Mariano Carrasco (@8marianoD)

Open Redirect

Robbie Wiggins (@Random_Robbie)

Remote Code Execution

Yunus YILDIRIM (@Th3Gundy)

Remote Code Execution

delta0ne @ Vantage Point Singapore (delta0ne)

6x Reflected XSS

Remote Code Execution

Improper Authentication

SQL injection

Improper Authorization

Priyanshu Parihar (Priyanshu (priyanshuxo) @priyanshu_xo )

3 x Subdomain Takeover

pop404 Vantage Point Singapore (pop404)

Sensitive Information Exposure

Kirtikumar Anandrao Ramchandani (Kirtikumar Anandrao Ramchandani)

Uncontrolled Resource Consumption

abdilahrf @ Vantage Point Indonesia (@abdilahrf)

Open Redirect Vulnerability

Reflected XSS

2x Sensitive Information Exposure

CSRF / Account Takeover

ashlyn @ Vantage Point Singapore (Ashlyn Lau)

Sensitive Information Exposure

External SSRF

Geethu Sivakumar, PaceHitech (Geethu Sivakumar, Geethu Sivakumar)

Server Missconfiguration

Muhammad Talha - Hamza Asif - Sarim Jamil - Syed Maaz Anwer

Text Injection

Jeffrey Hoekema (Jeffrey Hoekema)

3x Reflected XSS

Wasim Shaikh (@Wa_sim_sim)

Sensitive Information Exposure

Aishwarya Sanjay Kendle (Aishwarya Kendle)

Subdomain Takeover

Patrick Davidson Tremblay (Patrick Davidson Tremblay)

Cleartext Transmission of sensitive information

Chi Tran (Chi Tran)

9x Remote Code Execution

3x Proxy bypass

Nathan Lee Grant (nathanleegrant)

2x Reflected XSS

XSSi Vulnerability

2x SQL injection

Blind SQL injection

Anh_thanh_nien - Security Researcher at VNPT ISC

Remote Code Execution

Aditya Shende (@ADITYASHENDE17)

Sensitive Information Exposure

Hoang Quoc Thinh (@g4mm4 of CyberJutsu.IO)

Web cache poisoning

SQL injection

Remote Code Execution

Sourajeet Majumder (@sourajeet__)

Server Missconfiguration

Rahul M (Rahul M)

Insufficient Anti-Automation

Aziz Hakim (@4z1zu)

Stored XSS

Vishnuraj K V (Vishnuraj KV)

2x Information Exposure

Pankaj Kumar Thakur ( @Nep_1337_1998)

Reflected XSS

Severus (Severus)

Sensitive Information Exposure

Sadir Mehdi (@mehdi_sadir)

Information Exposure

Nitish Shah (@IamNitishShah)

Unauthorized Access to Services (API/ Endpoints)

Alex Chepovetsky (Alex Chepovetsky)

Reflected XSS

Sourav Newatia (Sourav Newatia)

Broken Authentication and Session Management

Shoeb Patel (@0xCaptainFreak)

Server Side Injection

Remote Code Execution

Shubham Maheshwari (Shubham Maheshwari)

2x Reflected XSS

SQL injection

Belal Rashed Othman (@bl4ckpanth_er)

Insufficient Anti-Automation

Vishal Kumar Vachheta (Vishal Vachheta)

2 x Subdomain takeover

Cross Site Request Forgery

Jarosław Węgrzynowicz

Information Exposure

Wai Yan Aung (@waiyanaun9)

Reflected XSS

Md. Asif Hossain (Asif Farabi)

Information Exposure

Eusebiu Blindu (@testalways)

Sudomain takeover

Rayen Messaoudi (Rayen Messaoudi)

Information Exposure

Dominique van Dorsselaer

2 x Subdomain Takeover

Suhail Jahagirdar (Suhail Jahagirdar)

Cleartext Transmission of sensitive information

Shashank Chaurasia (Shashank Chaurasia)

Reflected XSS

Ezio Paglia (Ezio Paglia)

Reflected XSS

Bryan Smith (@d4rkm0de)

Arbitrary File Upload

Dan Fabro (@0x61_)

CSRF

Reflected XSS

Clickjacking

Armin (@cyberanteater)

Reflected XSS

Syed Abuthahir (Syed Abuthahir)

Server Misconfiguration

Patrick Davidson Tremblay (Patrick Davidson Tremblay)

Blind SSRF

Reflected XSS

Authentication Bypass

Default Credentials

Cleartext Transmission of sensitive information

Abhijeet Jain (@seecure963)

Information Exposure

Damian Schwyrz (@damian_89_)

Reflected XSS

Tushar Shinde (Tushar Shinde)

Reflected XSS

SerHack (@serhack_)

Information Exposure

Alper Tecimer (Alper Tecimer)

Stored XSS

Nikhil Kumar (Nikhil Kumar)

Host Header Attack

Numan OZDEMIR (Numan OZDEMIR)

Reflected XSS

Open Redirect

Sreekanth Reddy (Sreekanth Reddy)

Exposed Credentials

SI9NT

Information Exposure

Aamir Usman Khan

Server Misconfiguration

Tijo Davis (Tijo Davis)

Clickjacking

Alberto Perez Agudo

SQL Injection

Niraj Gautam (Niraj Gautam)

Information Exposure

Pyae Phyoe Thu (Pyae Phyoe Thu)

Reflected XSS

Hein Thant Zin (Hein Thant Zin)

Stored XSS

दानिश इनामदार (दानिश इनामदार)

Clickjacking

Aman Bhardwaj (Aman Bhardwaj)

Error Message Information Disclosure

Dan Niño I. Fabro (Dan Niño I. Fabro)

CSRF

Stored XSS

2 X Clickjacking

Mohammed Azharuddin (Mohammed Azharuddin)

Text Injection

Prathamesh Joshi (Prathamesh Joshi)

Information Disclosure Vulnerability

Artur Kiefel (Artur Kiefel)

XSS in Cookie

Murtada Kamil (Murtada Kamil)

Information Exposure

Salman Sajid Khan (Salman Sajid Khan)

Information Exposure

Clickjacking

Nikhil Sahoo (Nikhil Sahoo)

4 x Clickjacking

Chinthala Srinivas (Chinthala Srinivas)

Host Header Attack

Information Exposure

Rajatkumar Karmarkar (Rajatkumar Karmarkar)

Content Injection

Ashish Gautam Kamble

Reflected XSS

Abhishek Misal (Abhishek Misal)

Host Header Attack

Clickjacking

Subodh Kumar

HSTS

Youssef A. Mohamed

DOS

Prayas Roshan Biswal (Prayas Roshan Biswal)

Information Exposure Through Error Message

Shiram Datar (Shiram Datar)

Information Exposure

Abhishek Tiwari (Abhishek Tiwari)

2 x Clickjacking

Raghav Rao

Information Exposure

Dzianis Skliar (Dzianis Skliar)

3 x Information Exposure

Information Exposure Through Error Message

Shubham Deshpande (Shubham Deshpande)

Reflected XSS

Dipen Patel (Dipen Patel)

Stored XSS

Ashish Chhatani

Clickjacking

Kunal Bahl (@Kunal Bahl)

HTML Injection

Arjun Singh (@Arjun Singh)

Reflected XSS

B.Dhiyaneshwaran (B.Dhiyaneshwaran)

Improper Control of Interaction Frequency

Chirag Gupta (Chirag Gupta)

Improper Access Control

Mohammed Al-Barbari

Information Disclosure vulnerability

Authentication Bypass

Murat Kaya

Reflected XSS

Abhishek Sidharthan (Abhishek Sidharthan)

Server Misconfiguration

Pranshu Tiwari (Pranshu Tiwari)

Server Misconfiguration

Adesh Nandkishor Kolte (@AdeshKolte)

XSS via SSRF

Mohd Arif (Mohd Arif)

Persistent XSS

Mayank BIT Mesra (Mayank BIT Mesra)

Missing Authentication for Critical Function

2 x Error Message Information Disclosure

Mukesh Kumar (Mukesh Kumar)

Host based Web Cache Poisoning

Azam (Azam)

Reflected XSS

Samet Sahin

Reflected XSS

Orkhan Yolchuyev (Orkhan Yolchuyev)

Unrestricted Upload of File with Dangerous Type

Improper Input Validation

Sean Melia (@seanmeals)

Code Execution

Information Exposure

Mehmet Tuncer (Mehmet Tuncer)

Information Exposure

Path Traversal

File Inclusion

Saransh Rana (Saransh Rana)

Information Exposure

Samuel Eng (Samuel Eng)

Information Exposure

Berk Imran (@berk_imran)

Reflected XSS

Bill Ben Haim (Bill Ben Haim)

Information Exposure

Unrestricted Upload of File with Dangerous Type

Sahil Mehra (Sahil Mehra)

Host Header Attack

Islam Uddin (Islam Uddin)

2 x Information Exposure

Arne Ramos (Arne Ramos)

6 x Clickjacking

Agametov Rustam (@AgametovRustam)

Server-Side Request Forgery and XSS

Arcot Krishna Manjunath (Arcot Manju)

Cleartext Transmission of Sensitive Information

Cross Origin Resource Sharing

Shivankar Madaan (@shivankarmadaan)

Cleartext Transmission of Sensitive Information

Wai Yan Aung (@waiyanaun9)

4 x Reflected XSS

Kirtikumar Anandrao Ramchandani (Kirtikumar Anandrao Ramchandani)

HSTS

DOS

Rony Gigi (Rony Gigi)

CSRF

Wen Bin KONG (Wen Bin KONG)

Reflected XSS

Sanyam Chawla (Sanyam Chawla, bugcrowd.com/infosecsanyam)

Reflected XSS

Shubham Maheshwari (Shubham Maheshwari)

Reflected XSS

Miguel Santareno (Miguel Santareno)

Reflected XSS

Mindset Software Technologies (MISTS)

Improper Access Control

qwacsawd (hackerone.com/qwacsawd)

Reflected XSS

Error Message Information Disclosure

Niklas Tanskanen (Niklas Tanskanen)

Use of Insufficiently Random Values

Sam Eizad (Sam Eizad)

Header Injection

Athul Jayaram

Content Injection

Sreedeep.Ck Alavil (Sreedeep.Ck)

Improper Input Validation (CVE-2017-9065)

Sarath Kumar (kadavul)

Reflected XSS

Peled Eldan (Peled Eldan)

5 x Reflected XSS

Yash Mehta (Yasf Mehta)

Reflected XSS

Mitesh Patil (Mitesh Patil)

Reflected XSS

Dawood Ansar (Dawood Ansar)

Reflected XSS

Shanmukh D (Shanmukh D)

Reflected XSS

Thrivikram Gujarathi

Reflected XSS

Vikash Chaudhary

Reflected XSS

Ari Apridana (Ari Apridana)

Reflected XSS

Yusuf Furkan (Yusuf Furkan)

HSTS

James Herrick (@mushicious)

Reflected XSS

Blake Rand

2 x Clickjacking

Remesh Ramachandran

Improper Input Validation (CVE-2017-9065)

Anant Mudgal (@anantmudgal)

Use of Hard-coded Credentials

Missing Custom Error Page

Information Disclosure

Chris Green (@chris_t_green)

SQL Injection

Ashish Kunwar (@D0rkerDevil)

Clickjacking

Ipsita Subhadarshan Sahoo

4 x Clickjacking

Steven Hampton (@Steven)

2 x Clickjacking

Ismail Tasdelen (Ismail Tasdelen)

Overly Permissive Cross-domain Whitelist

4 x Clickjacking

Sensitive Cookie Without ‘HttpOnly’ Flag

Rate Limit Bypass

Information Exposure Through an Error Message

7 x Improper Control of Interaction Frequency

6 x Cleartext Transmission of Sensitive Information

7 x Information Exposure

Nainsi Gupta (Nainsi Gupta)

Open Directory Listing

Suru Santhosh (Suru Santhosh)

Reflected XSS

Clickjacking

Mehmet Kelepçe (Mehmet Kelepçe)

Reflected XSS

Himanshu Rahi (Himanshu Rahi)

Stored XSS

Ravela Pramod Kumar (@PramodRavela)

3 x Improper Restriction of Excessive Authentication Attempts

Mohammed Azeem k

3 x Clickjacking

Akshay Bhardwaj (GreyArt) (Akshay Bhardwaj)

2 x Clickjacking

José Manuel Aparicio González (@jm_aparicio) Juan Francisco Acevedo Carles (@Odbk_sec)

3 x Reflected XSS

SQL Injection

Ahmet Mersin

HTML Injection

Suyog Palav (Suyog Palav)

HTML Injection

3 x Clickjacking

Faiz Ahmed Zaidi (Faiz Ahmed Zaidi)

2 x Clickjacking

Macall Salugsugan

Stored XSS

HTML Injection

Rate Limit Bypass

4 x Clickjacking

Kamran Saifullah

Vasim Shaikh (vasim-shaikh)

Md Sameull Soykot (@s0yk0t)

Clickjacking

Nathan Lee Grant (@nathanleegrant)

2 x Reflected XSS

Stored XSS

HTML Injection

Pankaj Rane (@Panckaz_Rane)

Aayush Babbar

Clickjacking

Tansel ÇETİN (@tansbey)

Reflected XSS

Lars Peeters

3 x Reflected XSS

Jose Carlos Exposito Bueno

3 x Reflected XSS

Secuninja (@secuninja)

6 x Reflected XSS

Matthew Mawby (@updat3d, Matthew Mawby)

Subdomain Takeover

GAİS (Güvenlik Açığı İstihbarat Servisi)

Reflected XSS

Shuvamoy Roy (shuvamoy.roy.3)

Eliran Itzhak (eliran-itzhak)

4 x Reflected XSS

Florian Kunushevci (florianx00)

Reflected XSS

Shwetabh Suman (@SHWETABHSUMAN11)

HTML Injection

Hagay Sason (grseecon.com)

3 x Reflected XSS

Stored XSS

Umesh Jore

Clickjacking

Max Derrick

Reflected XSS

Bharath Kumar (BharathKumarMV)

Improper Input Validation (CVE-2017-5638)

Mario Sahertian (mario-sahertian)

Error Message Information Disclosure

Yasin Soliman (@SecurityYasin)

Reflected XSS

Information Disclosure

Muhammad Mudassar Yamin (mudassaryamin)

Cross Site Tracing

Windows Short File Name

M.L (@SonnySpooks)

2 x Error Message Information Disclosure

4 x Reflected XSS

Suhas Sunil Gaikwad (SuhasGaikwad, @iamSuhasGaikwad)

Reflected XSS

Sam Sanoop (@snoopysecurity)

5 x Reflected XSS

Amine Hm

SQL Injection

Kenan Genç

Reflected XSS

Ketankumar B. Godhani (@KBGodhani)

Clickjacking

Ed (@EdOverflow)

Reverse Tabnabbing

3 x Reflected XSS

2 x Insufficient Session Management

Open Redirect

CSRF

DOS

Pedro Cardoso (@tvmpt)

Reflected XSS

Vipin Chaudhary(vipin-chaudhary, @vipinxsec)

Resource Injection

2 x Reflected XSS

Michał Praszmo (@nazywam)

Open Redirect

Waseem Ullah Siddiqui

Open Redirect

Reflected XSS

Sadik Shaikh

Clickjacking

Mateusz Szymaniec (@RevToJa)

Reflected XSS

Nassim Bouali

2 x Reflected XSS

SQL Injection

Serge Lacroute (@fakessh)

3 x Reflected XSS

2 x External service interaction

Open Redirect

Sandeep Singh Jadon

User enumeration

Илья Селезнёв

2 x Path Traversal

2 x Remote File Inclusion

Kenan GÜMÜŞ

XSS across many sites

João Pina (@tomahock)

2 x Reflected XSS

2 x Stored XSS

File Enumeration

Elarbi Dafrouillah

2 x Path Traversal