
This page contains the Hall of Fame with a mostly up-to-date list of security researchers who have reported security vulnerabilities to us. It is the result of our responsible disclosure policy.

Reported and resolved vulnerabilities

August 2021

SAP-Open redirect on a website of DNWG discovered by Zax Asif (Twitter)

Open redirection on a website of DNWG discovered by Ifrah Iman

July 2021

Clickjacking on a website of DNWG discovered by Aravind (LinkedIn / Twitter)

Clickjacking on a website of DNWG discovered by Muhammad Usman Nasir (LinkedIn)

User enumeration on websites of DNWG discovered by Ahmed Salah Abdalhfaz (Twitter)

June 2021

HTTP Strict Transport Security policy not enabled on a Stedin website discovered by shubhamch

May 2021

PHPUnit leaking database credentials on a website of DNWG discovered by Harinder Singh (S1N6H) (LinkedIn)

Unsafe file upload on a website of DNWG discovered by Mayur Pamar (th3cyb3rc0p) (LinkedIn)

XSS in a portal of DNWG discovered by Omar (Powerjacob)

Unauthenticated REST API endpoint on a portal of DNWG discovered by aungpyaekoko

Critical file found on a website of DNWG discovered by Brokenstarr (Twitter)

April 2021

Tabnabbing on a website of DNWG discovered by Nishant Narendra Lugare

Security misconfiguration leads banner grabbing to CVE exploit discovered by Hasibul Hasan Rifta (Twitter)

February 2021

HTML injection through sendemail functionality on a website of DNWG discovered by D4rk0 (Twitter)

January 2021

Unsafe file upload on a website of DNWG discovered by herrfabs

validationKey and decryptionKey leak in web.config file discovered by herrfabs

CVE-2017-12635: Admin user created + access to application on a website of DNWG discovered by D4rk0 (Twitter)

December 2020

Clickjacking on a Stedin website discovered by Souvik-Mondal (LinkedIn)

OPTIONS method enabled on a website of Stedin discovered by iampritam

November 2020

Subdomain takeover on a Stedin website discovered by floerer

September 2020

API key leakage discovered by Muhammad Usman Nasir

Content spoofing on a Stedin website discovered by Muhammad Usman Nasir

July 2020

Vulnerability in Cisco ASA used by Stedin discovered by D-d-W

April 2020

Disclosure of server technology and version discovered by MZ-ZeroCPT

December 2019

Subdomain takeover possible due to a misconfigured CNAME record discovered by dominiquevd 

Subdomain takeover possible due to a misconfigured CNAME record discovered by jubobs

October 2019

Error page contains SQL error information discovered by D4rk0

September 2019

Usernames are findable through an unrelated search form discovered by D4rk0

August 2019

Insecure configuration on a website discovered by an anonymous security researcher

Data enumeration possible based on limited information discovered by an anonymous security researcher

February 2019

Server information leakage discovered by sreeappsec

September 2018

Domain spoofing vulnerability on multiple websites discovered by SecguruOTX

Misconfigured SPF record discovered by SecguruOTX

January 2018

Captcha is not implemented on a form discovered by an anonymous security researcher

November 2017

XSS vulnerability discovered by rootaccess

Publicly accessible website which should be restricted to internal users only discovered by rootaccess

October 2017

DNS misconfiguration discovered by an anonymous security researcher

August 2017

Exposure of sensitive information on joulz.nl discovered by an anonymous security researcher

July 2017

Unsafe SSL configuration discovered by warringaa

March 2017

Missing headers which may lead to XSS discovered by an anonymous security researcher