This page lists external individuals and organizations that have helped improve the security posture of The University of Texas at Austin since July 2021 by responsibly reporting vulnerabilities and security issues they have discovered. Please report all vulnerabilities and security issues to security@utexas.edu.

2024

  • Jitendra Behera, information disclosure
  • Ahmed Ali Al-Sayah, reflected XSS and host header injection
  • Harsh Sanghvi, directory listing and DNS misconfiguration
  • Devanshu Thanvi, misconfiguration
  • Abdullah Salah Alnbahani, 3 information disclosures and 3 reflected XSS, 1 LFI
  • Nitya Nand Jha (Shunux), information disclosure
  • Ahmad Alassaf, information disclosure
  • Radwan Selo, exposed ElasticSearch instance

2023

  • Chandru R, exposed wp-config.php
  • Kiran Gunturu, reflected XSS
  • Biswajeet Ray, default system credentials
  • Hassan Ali Al-Abdullah, SQL injection and XSS
  • Bader Majed, reflected XSS
  • Alvin Mwambi, Django Debug enabled
  • Abdullah Salah Alnbahani, Information Disclosure, Open redirect
  • Hamoud Mohsen Al-Mutairi, 1 HTMLi, 1 iFrame injection, 1 reflected XSS, 1 stored XSS, 1 blind SSRF, 1 open redirect
  • Abdelrahman Ibrahim Farg, 3 XSS
  • Youssef Elsaka, 1 XSS (reflected)
  • Kullai Metikala (@Kullai12), 1 open redirect, one XSS
  • Ahmed Kamal AbouElwafa, 1 Stored XSS
  • Nitesh Singh, Information Disclosure 
  • Muntadher Mahdi, 1 SQL injection
  • Mustafa Adam Qamar EL-Din Abdallah, Identified non-patched services
  • Fares Djaghmoune, 1 reflected XSS
  • Essam A. Nouby, 3 open redirects, 1 misconfiguration/information leak
  • Sushil Phuyal (1337mickey), misconfiguration/information leak
  • Abdelli Mira (eylulturan31dz), 1 XSS
  • Younes Amegoune, misconfiguration/information leak
  • Muhammed Azab, 2 XSS, 2 misconfigurations
  • Ibrahim Alghamdi, SQL injection
  • Joshua Arulsamy, CSRF
  • Felipe Gabriel Renzi, 1 XSS
  • Nan Winata, OS command injection
  • Abdulaziz Alshehri, 2 XSS
  • xveysel10, 4 DNS misconfigurations

2022

  • Anmol Kumar, HTML injection
  • Madhurendra Kumar, default credential found, 1 exposed service discovered
  • Nitesh Biwal, 2 XSS
  • Imran Shaikh, 1 XSS
  • Santosh Das, 1 credential leak
  • Rifat Al Jubayer, 2 XSS
  • Jose Carlos Exposito Bueno, 3 XSS, 2 SQLi (All Star)
  • nhiephon, 1 XSS
  • Kandukuru Sai Jaswanth, 1 XSS
  • Salih Dumlu, 1 XSS
  • Abdlallah Mohammed, 1 XSS, 1 configuration leak, 1 SSRF
  • Noor Mohammad Gagguturi, 1 XSS
  • Mohammed Motlaq Alotibi, 2 credential leaks, 1 key leak
  • Mohammad Jassim, 1 RCE, 7 DNS misconfigs, 1 XSS, 1 arbitrary file upload
  • Yahya Jaber Alabdli, 1 LFI
  • Abdiwhaab Ahmed Omar, 1 XSS, 1 DNS misconfig
  • Girish B. O., 1 abuse of functionality
  • Ibrahim Ehab, 3 misconfigs
  • Haider Kareem, 4 XSS
  • Mat Shuke, 1 misconfig
  • Dave Wittman, 1 misconfig
  • Ahmed Hassan, 5 XSS
  • Abhith Damodaran, 1 XSS
  • Prudhvi Vuda, 1 misconfig
  • Sujan Shetty, 1 misconfig
  • Phyo WaThone Win, 1 misconfig
  • Mohammed Saleh, 1 misconfig
  • Santosh Bobade, 1 XSS
  • Muhammad Billadilathof (Lathof) - 3 SQLi, 3 XSS (All Star)
  • Chirag Ketan Prajapati, 3 XSS
  • Satrya Wira Yudha, 1 XSS
  • Mridul Vohra, 2 XSS, 2 misconfigs

2021

  • Everton (Hydd3n)
  • Marwan Ali albahar, Umm al-Qura University
  • Nathan Hrncirik
  • Haider Kareem
  • Gaurang Maheta