Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. Learn more.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,491,101 coordinated disclosures
1,172,090 fixed vulnerabilities
1,769 bug bounty programs, 3,499 websites
35,514 researchers, 1,571 honor badges

Cyber_WorldTop-50 VIP Open Redirect Reporter Top Security Researcher of the Month Top VIP Security Researcher of the Month | Security Researcher Profile


Security researcher Cyber_World has already helped fix 45494 vulnerabilities.



Researcher reputation:  1670

Real name:
Praveen Kumar

Contact email:
[email protected]

Alternative Contacts:
[email protected]

Award / Bug Bounty I prefer:
I prefer bug bounty/swag/hof/vouchers
Paypal id - https://www.paypal.com/paypalme/cyberworld1

Recommendations and Acknowledgements | Full List:

@pr0t30     9 May, 2023
    Twitter pr0t30 Amílcar Guerra from Tricontinental:
Thank you Praveen for the report and swift help to fix the vulnerability on our website. Your help is greatly appreciated!
@ColchonesDto     18 April, 2023
    Twitter ColchonesDto Ruben from ColchonesConDescuento.es:
Thank you for letting us about the vulnerabilities found. Very helpful.
@aartvdwerf     5 September, 2022
    Twitter aartvdwerf Aart from OI:
Cyber_World helped us by pointing out some files that shouldn't be public! Thank you for the responsible disclosure!
@madmas     30 June, 2022
    Twitter madmas Markus from EvKgmSgb:
By your reports, we could understand and mitigate some security risks at our systems, thanks a lot for your help!
@akibablade     17 March, 2022
    Twitter akibablade Liam from Warrior Collective:
Super professional and lightning-fast. Helped to resolve almost immediately. Fantastic!
@evollis_tech     28 February, 2022
    Twitter evollis_tech Evollis tech team from Evollis:
The Evollis team would like to thank Praveen for his work. Professional, very reactive and disclosing the full details of the vulnerability in a responsible manner. Thanks !
@AsictSoc     9 December, 2021
    Twitter AsictSoc Security-Ict-Asict from Politecnico di Milano:
Dear Cyber_World,

the SOC of Politecnico di Milano would like to thank you for disclosing us the vulnerability on our infrastructure.
@sandovs     19 November, 2021
    Twitter sandovs Daniel Sandoval from LoopKey:
Cyber_World helped us by pointing out some log files that shouldn't be public! Thank you for the responsible disclosure and cordiality during the whole process!
@FUMBBL     4 June, 2021
    Twitter FUMBBL Christer Kaivo-oja from FUMBBL:
Found a clickjacking vulnerability and sent a professional and clear vulnerability report. Thank you Praveen!
@BenKennish     26 May, 2021
    Twitter BenKennish Ben Kennish from -:
Helpful and polite. Thanks Praveen!
@philippejadin     14 May, 2021
    Twitter philippejadin Phiolippe Jadin from Agorakit:
Thank you for reporting an issue with the presentation website of the project and for the quick replies !
@jakeanders     8 April, 2021
    Twitter jakeanders Jake from NCO:
I am very grateful for alerting me to this vulnerability and the clear instructions provided to mitigate the risk. I am also grateful for the extremely rapid response when getting in touch for further details. Thank you.
@blasttheory     12 March, 2021
    Twitter blasttheory Michael from Blast Theory:
Thank you Praveen for reporting an issue with our website and helping to resolve this. Good work. Thanks again.
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp CERT-rlp from CERT-rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities.
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp CERT-rlp from CERT-rlp:
The team of CERT-rlp would like to thank Cyber_World for a responsible and coordinated disclosure of information disclosure vulnerabilities
@ipoca_jp     24 February, 2021
    Twitter ipoca_jp developer from ipoca:
Thank you for reporting an open Website Security Issue and help us to fix it!
@ipoca_jp     24 February, 2021
    Twitter ipoca_jp developer from ipoca:
Thank you for reporting us about the Website Security Issue.
@poldish73     23 February, 2021
    Twitter poldish73 Sven from California:
Thank you for reporting a public accessible file and for the very helpful, fast and pleasant communication. Error was fixed in seconds.

Thank you very much.
@alex_ermer     22 February, 2021
    Twitter alex_ermer Alex from Clanintern:
Thanks for reporting my issues!
@moliv3     21 February, 2021
    Twitter moliv3 Olivier from Girondel:
Thanks Praveen for finding a disclosure issue !
@class502     20 February, 2021
    Twitter class502 Robert from Friends of the 502 Group:
Thank you for reporting an issue with our website and assisting us with a fix for the vulnerability.
@demmojo     20 February, 2021
    Twitter demmojo Mohamed from Blok-Z:
We are grateful for the vulnerability report that you shared with us! Also, amazing response time!
@axelhooge     19 February, 2021
    Twitter axelhooge Axel from JBAG:
Thank you very much for your nice help and for reporting the beginner mistake to us :-)
@Helping_Biz     16 February, 2021
    Twitter Helping_Biz Nardo from U-C WEBS:
Thank you for pointing out that long forgotten vulnerable file on one of our servers. But it's gone now. :-)
@NukeJay     16 February, 2021
    Twitter NukeJay Jack from Printing Service:
Brought to our attention some security issues. Fast and clear communication! Can recommend!
@DeputyVice     12 February, 2021
    Twitter DeputyVice Andrew Cartwright from NeuRA:
Many thanks to Cyber_World for identifying a git issue with our site and helping us to resolve it without delay.
@shamusr001     10 February, 2021
    Twitter shamusr001 Shannon Ribbons from Osis Design:
Praveen helped locate and define a vulnerability in my WordPress install, I recommend his skills.
@fadlerQA     10 February, 2021
    Twitter fadlerQA Frank from meinestadt:
Thank you for reporting an issue and for the helpful communication.
@LordSeru     10 February, 2021
    Twitter LordSeru Sebastian Braune from TUCed GmbH:
Thank you for reporting a vulnerability on our site.
Due to your detailed report, we could close it within minutes.
@WiiDatabase     10 February, 2021
    Twitter WiiDatabase Andreas from WiiDatabase:
Thank you for reporting an open XMLRPC to us!
@portentandy     8 February, 2021
    Twitter portentandy Andy from Portent:
Thanks for pointing out our XMLRPC vulnerability!
@thibaudmaes     8 February, 2021
    Twitter thibaudmaes Thibaud from NSI:
Cyber_World informed us about a security issue on a website. Thanks to him, it's more secure now!
@ytrls     8 February, 2021
    Twitter ytrls David from YTRL:
Thank you very much for pointing out the XMLRPC vulnerability!
@ChuckieAJ     7 February, 2021
    Twitter ChuckieAJ AndyT from Trucklesoft:
Brought to my attention some security issues. Now resolved. Good communication.Recommended!
@williamtm     6 February, 2021
    Twitter williamtm Will from Chase Trails:
Thanks to Praveen for reporting a potential security issue with our site - a public xmlrpc & json REST API.
@unsinn_s21     5 February, 2021
    Twitter unsinn_s21 Florian from VN:
helped to close a not used api in wordpress, quick and fast respond.
Good luck to you and greetings from Germany.
@IvanVazov5     5 February, 2021
    Twitter IvanVazov5 Webmaster from SPNS:
A big thank you to Praveen for finding and disclosing an XML-RPC Vulnerability on our website. He came back to us in minutes and was very helpful.
@fineststudios     4 February, 2021
    Twitter fineststudios Mike from Inv:
Thanks for pointing out a public phpinfo() on our website.
@ztobi     4 February, 2021
    Twitter ztobi ztobi from none:
Thanks for pointing our our public XML-RPC. Very fast contact
@0tt3rL1k3     3 February, 2021
    Twitter 0tt3rL1k3 Andreas from KV Trier-Saarburg:
Thank You for the reporting and help to fix the issus. Stay Save! Greetings from Germany
@SDCDF5     2 February, 2021
    Twitter SDCDF5 Charles from Cincinnati:
Many thanks for the report and recommendation! Merci beaucoup pour l'alerte et les explications !
@kledoux     2 February, 2021
    Twitter kledoux kledoux from kledoux:
Thank you for reporting a security issue on our site, and for being so detailed and responsive!
@dannythemonk     2 February, 2021
    Twitter dannythemonk Danny :
Thank you very much for your information and help. (XML-RPC API Wordpress) Regards..
@Anjuli     1 February, 2021
    Twitter Anjuli Webmaster from Stiftung trias:
Thanks for point out a public phpinfo(). Very fast contact.
@ZerosGaming     1 February, 2021
    Twitter ZerosGaming Fabian :
Thank you for your notification and quick follow up. Good luck with your OSCP, I know what it takes to get it.
@cyber_pramod     1 February, 2021
    Twitter cyber_pramod Matthu from Upwork:
Very kind and polite. reported very quickly and also helped in fixing bug. Best wishes from UK
@igucci     23 January, 2021
    Twitter igucci igucci from iwsec:
Thank you for the notification and quick & polite response.
Keep up the great work!
@dtestitall     22 January, 2021
    Twitter dtestitall randomthing4ev1 from Name witheld:
Thank you for finding the information disclosure vulnerability! Praveen was very responsive!
@Azatotht     21 January, 2021
    Twitter Azatotht Sylvain from Quebec Amerique:
Thanks for pointing out a public phpinfo() on our website. A++
@milano24ore     21 January, 2021
    Twitter milano24ore Olaf from milano24ore:
Thank you for your tip for finding a vulnerability on the website. Very quick reply.
@yuhiguchi1     20 January, 2021
    Twitter yuhiguchi1 yu-higuchi from ctc:
We appliciate your help with the vulnerability.
The response to inquiries was quick, which was very helpful.
@anTon_x3     20 January, 2021
    Twitter anTon_x3 anTon_X3 :
Thank you for finding security issues on my website! keep it up!
@rantoniazzi     19 January, 2021
    Twitter rantoniazzi Roberto Antoniazzi from Centro per la Cooperazione Internazionale:
Thanks for pointing out a public phpinfo(). Very fast contact.
@driesvanhaver     19 January, 2021
    Twitter driesvanhaver Dries from not disclosed:
We were informed of a vulnerability. Thank you to Praveen for telling us it existed.
@snowdarkz     19 January, 2021
    Twitter snowdarkz Quanruthai from not disclosed:
Thank you very much for the help with the vulnerability. Very fast contact.
@wandelzoek     18 January, 2021
    Twitter wandelzoek Wandelzoekpagina from Wandelzoekpagina:
Thanks for finding a vulnerability on the website. Thanks to your tip, I could repair the issue and keep the website safe
@eduardo_sales     17 January, 2021
    Twitter eduardo_sales Eduardo Sales from Papo de Gordo:
Praveen was very helpful in providing information about a security issue in our site. With his help, we were able to correct eveything and keep our site safe.
@mhmitu     15 January, 2021
    Twitter mhmitu Mihai from Engie:
Hi Praveen,
Thanks for the help with the vulnerability. Very fast and friendly contact.
@SilensStudio     14 January, 2021
    Twitter SilensStudio Simon from PlayDay:
Thank you very much for informing us about our access vulnerability! The world needs more good guys like you! A+!
@mailtest15     13 January, 2021
    Twitter mailtest15 mailtest from mailtest:
Thanks for the help with the vulnerability. Friendly and fast contact
@thailandunique     13 January, 2021
    Twitter thailandunique Lee from Thailand Unique:
Thank you very much for bringing a website vulnerability to my attention.
@Eginity     12 January, 2021
    Twitter Eginity Scott from Eginity:
Thanks for pointing out a public phpinfo();
@nixonson4     6 January, 2021
    Twitter nixonson4 nixonson from LOOM:
Very fast response, provided us with all the detailes. Keep up the good work!
@SewSimpleBags     5 January, 2021
    Twitter SewSimpleBags Deb from not disclosed:
We were informed of a vulnerability via this site. Thank you to Praveen for telling us it existed.
@feuerwehr_lich     5 January, 2021
    Twitter feuerwehr_lich Marc from Feuerwehr Lich:
Helped us identifing a not needed file which privided information about underlying system. Thank you for your Work!
@PingPlotter     4 January, 2021
    Twitter PingPlotter Nate from Pingman Tools:
Thanks a ton for finding a security vulnerability on our site. You definitely have our recommendation.
@_holzmann     4 January, 2021
    Twitter _holzmann Philip from Heimspiel:
Many thanks for finding a public "phpinfo();"
@KabarettN     3 January, 2021
    Twitter KabarettN KabarettN from Kabarett-News:
Cyber_World was very courteous and provided the information needed to solve the problem very quickly. Your work is much appreciated, sir!
@KabarettN     2 January, 2021
    Twitter KabarettN KabarettN from Kabarett-News:
Cyber_World was very courteous and provided the information needed to solve the problem very quickly. Your work is much appreciated, sir!
@Technologywibe     29 December, 2020
    Twitter Technologywibe Jake from Techwibe:
Helped us to find the issue and our devs was able to fix it. Thanks for your fast replies and reporting the issue.
@nglCasanova     29 December, 2020
    Twitter nglCasanova Angel :
Praveen reported a minor security issue and we could fix it immediately. Thanks a lot for letting us know!
@Teaviews     24 December, 2020
    Twitter Teaviews SFINGLE from CB:
Very quick communication and very helpful. Thank you and have a great year!
@JVos63     24 December, 2020
    Twitter JVos63 Jürgen Voskuhl from itcv GmbH:
Kurze Reaktionszeit, klare Hinweise auf die Probleme. Deshalb meine Empfehlung & ein dickes Dankeschön!
@spinetraknet     22 December, 2020
    Twitter spinetraknet Renzo from hsk1830.de:
very quick response helped us fix the issue very quickly
@SaurosVerlag     21 December, 2020
    Twitter SaurosVerlag Sebastian from Sauros Verlag:
Thank you very much for your help. And to let us know how we keep our website safe. Good job!
@JoJoFunParties     21 December, 2020
    Twitter JoJoFunParties Andy Wood from JoJoFun:
Praveen found a PHP file on our site that posed a security risk and generously informed us by email. The file has since been removed. Thanks so much!
@hair_xtensions     20 December, 2020
    Twitter hair_xtensions Pete from Hairx:
Thanks for showing us we had a vulnerability in our files, most appreciated!
@kayopepe1     18 December, 2020
    Twitter kayopepe1 Sascha :
Thanks for reporting the issue!
@PressBahn     17 December, 2020
    Twitter PressBahn Armin from Preßnitztalbahn:
Thank you for the report, which we were not aware of and which we were able to fix in a few moments. A big help!
@teezeh     17 December, 2020
    Twitter teezeh Thomas :
Praveen reported a minor security issue which I could then easily fix by deleting an obsolete file. Thanks for the professional disclosure.
@reikemgmbh     16 December, 2020
    Twitter reikemgmbh Stefan from Reikem IT Systemhaus:
Praveen reported a minor security issue and we could fix it immediately. Thanks a lot for letting us know!
@uvx_bln     16 December, 2020
    Twitter uvx_bln Administrator from Anonymous:
Many thanks for reporting the issue. Once the issue was known, it could be solved within seconds.
@Lord_iMac     16 December, 2020
    Twitter Lord_iMac Elmar from City Schutz GmbH:
Thanks for your report. It was a simple fix but security improvement. Good job!
@knoell123     14 December, 2020
    Twitter knoell123 Bernhard from anonymous:
Thank you very much for your report. Thanks to your help we were able to solve the problem very quickly
@knoell123     14 December, 2020
    Twitter knoell123 Bernhard from Anonymous:
Thank you very much for your report. Thanks to your help we were able to solve the problem very quickly.
@odieng     12 December, 2020
    Twitter odieng odieng from Bnest:
Thanks for pointing out the vulnerability. I appreciate it!
@Fabulous_Vegan     11 December, 2020
    Twitter Fabulous_Vegan fabulous.ch :
Thank you very much for your bug report. It was fixed within a few seconds. Thank you for bringing it to our attention :)
@krupicka_pavel     9 December, 2020
    Twitter krupicka_pavel Pavel Krupicka from Winternet:
Good job, thanks you very much for your report. The patch took a moment only, but it was necessary.
@DWTech3     9 December, 2020
    Twitter DWTech3 Alex Y. from Hypepoint Co.:
Thanks for the report on the issues. Although the issues were simple fixes but the researcher was able to catch them and report the issues with details in a professional manner. Highly recommended!
@fuzzy_dnlp     8 December, 2020
    Twitter fuzzy_dnlp Webmaster from Anonymous:
Honorable work. Thanks for reporting the error. We received a very polite & quick response with details and were able to fix the error within minutes.
@cathouseotkings     6 December, 2020
    Twitter cathouseotkings Webmaster from The Cat House on the Kings:
Thanks for the report. Tech Support had created the vulnerablity while investigating a problem for us which we probably wouldn't have noticed for a while.
@shunn     6 December, 2020
    Twitter shunn Bill from Sinister Regard Publishers:
Thank you so much for your report. It was a simple matter to fix, but we never would have noticed the vulnerability without your input and advice.
@Sebasti53438355     2 December, 2020
    Twitter Sebasti53438355 Seb from hrworks:
Nice contact, thanks for the report!
@rockpapercynic     2 December, 2020
    Twitter rockpapercynic Peter Chiykowski from Rock Paper Cynic:
Thanks for the report and recommendation! Fixed!
@cyber_pramod     1 December, 2020
    Twitter cyber_pramod lozan from Freelance:
Very polite and Knowledgeable reasearch. He provided me much detailsthat i was able to reproduce vulnerability and patch it with the help of mitigation steps. I recommend this specialist
@nikitsinelnikov     25 November, 2020
    Twitter nikitsinelnikov Nikita from ultimatemember.com:
Thanks for your report! We have fixed the issue.

Please login via Twitter to add a recommendation

Honor Badges


Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
WEB SECURITY VETERAN
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

REPUTABLE Badge
FAMOUS Badge
GLOBALLY TRUSTED Badge
REPUTABLE
10+ Recommends
FAMOUS
25+ Recommends
GLOBALLY TRUSTED
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics



Total reports:286658
Total reports on VIP sites:2031
Total patched vulnerabilities:45494
Total vulnerabilities on Hold (Open Bug Bounty):35663
Recommendations received:96
Active since:22.10.2021
Top Security Researcher Awards:Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month Gold Star Top Security Researcher of the Month
Top VIP Security Researcher Awards: Top VIP Security Researcher of the Month Top VIP Security Researcher of the Month Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week Top VIP Security Researcher of the Week

Open Bug Bounty Certificate


Researcher Certificate

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions




No posts in blog yet










  Latest Patched

 28.05.2023 dpie.nsw.gov.au
 28.05.2023 snigurivka.mk.gov.ua
 28.05.2023 mail.cmarame.ma.gov.br
 28.05.2023 screen.nsw.gov.au
 28.05.2023 wlf.louisiana.gov

  Latest Blog Posts

16.01.2023 by itsvarmakollu
XSS vulnerabilities discovered in ServiceNow - CVE-2022-38463
16.01.2023 by itsvarmakollu
Turning cookie-based XSS into account takeover
08.07.2022 by 4websecurity
CVE 2022-29455 is still affecting millions of Wordpress sites
08.07.2022 by kh4sh3i_
Zabbix - SAML SSO Authentication Bypass
08.07.2022 by FR13ND0x7F
The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

  Recent Recommendations

@DelganGeor63536     26 May, 2023
    Twitter DelganGeor63536:
navreet1425 was professional in his vulnerability disclosure.I really appreciates his work.
@Harpree66584431     26 May, 2023
    Twitter Harpree66584431:
Thank you for finding vulnerability in our website
@MinasPergantis     23 May, 2023
    Twitter MinasPergantis:
Thank you for your help in ensuring the security of our domain and its visitors! Your contributions are invaluable.
@franky1302     17 May, 2023
    Twitter franky1302:
Thanks Khan Janny for letting us know and fix the issue.
@BenjaminSponsor     11 May, 2023
    Twitter BenjaminSponsor:
Thanks for making me aware Alex!