NUS Bug Bounty Hall of Fame 2019
The NUS Bug Bounty Programme is an initiative that empowers our students to discover and report security vulnerabilities on our applications and systems. Through this, we aim to bridge the cyber security skill gap and improve the overall IT security posture in NUS. The programme was inaugurated by NUS IT in 2019, in partnership with HackerOne and NUS School of Computing.
During the Bug Bounty challenge in Aug 2019, there were 9 winners awarded a total of USD6,050 and elected into the NUS Hall of Fame.
| No | Name | Vulnerability | Bounty (USD) |
|---|---|---|---|
| 1 | BELLANTE ARMANDO (ikaga1) | Remote Code Execution x 2 | $3,000 |
| 2 | AHN TAEGYU (letmethrough) | Information Disclosure (x2), Reflected Cross Site Scripting (x1) | $1,500 |
| 3 | NGO WEI LIN (creastery) | Information Disclosure (x1) Security Misconfiguration (X1) | $500 |
| 4 | MIKOLAJ PARANIAK (stellamaris11) | Reflected Cross Site Scripting x 1 | $250 |
| 5 | MARILYN CHUA MIN XUAN (muffled) | Improper Authentication x 1 | $250 |
| 6 | KOH ZHENG WEI (dahdah) | Improper Authentication x 1 | $250 |
| 7 | KINGSTON KUAN JUN XIANG | Information Disclosure x 1 | $100 |
| 8 | DIPTY OJHA | Improper Authentication x 1 | $100 |
| 9 | LIU SU (ethanyz) | Improper Authentication x 1 | $100 |
SPECIAL CONTRIBUTIONS
The following issues were uncovered by NUS Greyhats and/or School of Computing Students (as part of penetration testing modules).
| No | Profile | Vulnerability | Severity |
|---|---|---|---|
| 1 | Ngo Wei Lin, Lee Yu Choy, Glenice Tan Yu Xin, Tan Quan Rong Kaiser | Information Disclosure (x2) | Medium |
