From the bottom of our hearts, we thank the wonderful and vigilant people who work tirelessly to improve online security. The users featured on this page make an invaluable contribution to protecting the digital realm every day by exposing critical vulnerabilities. Their tireless efforts and commitment to responsible disclosure have a profound impact and strengthen the foundation of cybersecurity within LKPR. It is with the utmost admiration that we present the Hall of Fame, dedicated to the honorees for their extraordinary efforts and to showcase their role in promoting online security.
2026
Raja Muhammad Kurnia Setyawan - reported Enabled Debug Mode on api.prg.aero
Muhammad Helmi Assura - reported Open Redirect vulnerability
Farrisal B - reported reflected XSS vulnerability
Gaurang Maheta - reported Expired SSL Certificate
Gaurang Maheta - reported subdomain takeover vulnerability
2025
- Gaurang Maheta - reported weak SSH KEX Algorithm
- Daoud Youssef – reported Bypass of Rotating CSRF Token in Password Reset Endpoint
- Zaid Ali Hussein – reported potential DOM-based XSS vulnerability + vulnerable JS library
- Felipe Gabriel Renzi – reported user enumeration vulnerability
- Azza Tegar Naufal Ataullah – Host Header Injection
- Raka Wisnu Wardhana Adi – reported Unauthenticated File Upload
- Sakil Hasan Saikat – reported Misconfigured Access Control
- Qadhafy Muhammad Tera – reported 1 HTML injection in email content vulnerability
- Ubaidah Ibnu Mubarok – reported 2 Input Injection Vulnerabilities
- Yossef Tarek – reported multiple Vulnerable JS libraries
- Durvesh Kolhe – reported user enumeration vulnerability
2024
- Adrián Tirado García – reported 1 No Rate Limiting vulnerability
- Gaurang maheta – reported 1 Sensitive Data Exposure vulnerability
2023
- CSOC LKPR - reported 1 Cross Site Scripting (XSS) vulnerability