Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
742,962 coordinated disclosures
436,913 fixed vulnerabilities
1147 bug bounties with 2,199 websites
20,617 researchers, 1257 honor badges

rajesh_appsec | Security Researcher Profile

Security researcher rajesh_appsec has already helped fix 246 vulnerabilities.

Researcher reputation:  480

Real name:
Rajesh Tewari

How to contact me:
[email protected]

Alternative Contacts:

Certifications & Diplomas:
CompTIA Security

Experience in Application Security
over 5 years

Award / Bug Bounty I prefer:
Bug Bounty Payments, Paypal, Swags, T-Shirt, Hall Of Fame

Recommendations and Acknowledgements

@redicius     25 February, 2019
    Twitter redicius Pavel from
Did find a XSS hole, shared it with me via openbugbounty. Did not try to blackmail me. Nice guy.
@smiteworks     15 January, 2021
    Twitter smiteworks Doug D from SmiteWorks USA LLC:
Rajesh was very helpful in providing information and penetration testing on our site. With this information, we were able to harden our infrastructure.
@syysvirta     17 December, 2020
    Twitter syysvirta Joonas from Anders:
Thank you Rajesh for reporting a vulnerability, sharing detailed additional information and thus helping us to patch it quickly. Keep up the good work!
@Ryte_CERT     16 November, 2020
    Twitter Ryte_CERT Armin from Ryte:
Thank you Rajesh for reporting vulnerabilities on our website, your quick and detailed response was very valuable to us!
@SNTech2     16 November, 2020
    Twitter SNTech2 Steve from Sharenet:
Thank you for reporting the vulnerabilities on our website, we appreciate the quick and detailed responses. Keep up the good work!
@lansewudao     28 October, 2020
    Twitter lansewudao Jin Lu from Talroo:
Thank you for finding the bug, Rajesh! We fixed it.
@Timeweb     27 October, 2020
    Twitter Timeweb Roman from Timeweb:
Thank you Rajesh for reporting vulnerabilities on our website, your quick and detailed response was very valuable to us!
@testmynet     2 October, 2020
    Twitter testmynet Damon from
Rajesh has helped me find vulnerabilities multiple times even after knowing I don't have a bounty. Very cool. Thank you for taking the time to make our internet better.
@ferulasdentales     22 September, 2020
    Twitter ferulasdentales Staff FD :
Thanks a lot Rajesh for provide us all the vulnerability details in order to patch it, and also for the quick responses and your maximum collaboration.
@rundumsbaby     4 September, 2020
    Twitter rundumsbaby rundumsbaby from rundumsbaby:
Thank you very much for the reports. Excellent reports with a lot of details about the vulnerabilities and suggestions for fixing it.

Shows the first 10 recommendations. See all.

Please login via Twitter to add a recommendation

Honor Badges

Number of Secured Websites

10+ Secured Websites Badge
50+ Secured Websites Badge
500+ Secured Websites Badge
Web Security Veteran Badge
10+ Websites
50+ Websites
500+ Websites
1000+ Websites

Advanced Security Research

WAF Bypasser Badge
CSRF Master Badge
AppSec Logic Master Badge
Fastest Fix Badge
WAF Bypasser
CSRF Master
30+ Reports
AppSec Logic Master
30+ Reports
Fastest Fix
Fix in 24 hours

Outstanding Achievements

Secured OBB Badge
OBB Advocate Badge
Improved OBB Badge
Secured OBB
OBB Advocate
Improved OBB

Commitment to Remediate and Patch

Patch Master Badge
Patch Guru Badge
Patch Lord Badge
Patch Master
55% Patched
Patch Guru
65% Patched
Patch Lord
75% Patched

Recommendations and Recognition

10+ Recommends
25+ Recommends
50+ Recommends

Distinguished Blog Author

Distinguished Blog Author Badge
Distinguished Blog Author Badge
Distinguished Blog Author Badge
1 Post
3 Posts
5+ Posts

Research Statistics

Total reports:956
Total reports on VIP sites:150
Total patched vulnerabilities:246
Total vulnerabilities on Hold (Open Bug Bounty):99
Recommendations received:29
Active since:18.02.2019

Open Bug Bounty Certificate

Researcher Certificate

No posts in blog yet

Reported Vulnerabilities

All Submissions VIP SubmissionsFeatured Submissions

  Latest Patched


  Latest Blog Posts

25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads
26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection

  Recent Recommendations

@yuhiguchi1     20 January, 2021
    Twitter yuhiguchi1:
We appliciate your help with the vulnerability.
The response to inquiries was quick, which was very helpful.
@anTon_x3     20 January, 2021
    Twitter anTon_x3:
Thank you for finding security issues on my website! keep it up!
@rantoniazzi     19 January, 2021
    Twitter rantoniazzi:
Thanks for pointing out a public phpinfo(). Very fast contact.
@driesvanhaver     19 January, 2021
    Twitter driesvanhaver:
We were informed of a vulnerability. Thank you to Praveen for telling us it existed.
@snowdarkz     19 January, 2021
    Twitter snowdarkz:
Thank you very much for the help with the vulnerability. Very fast contact.