Hall Of Fame

We are grateful to the following people for having reported valid security bugs and for helping us make Internshala safer.
Kaushal Bhardwaj
  1. Misconfiguration of policy - reported on 15th Feb, 2023
Shuvamoy Roy
  1. Information Disclosure - reported on 18th Jan, 2021
Rohit Soni
  1. Information Disclosure - reported on 10th Aug, 2020
Ritik Chaddha
  1. Information Disclosure - reported on 26th Jun, 2020
Pratik Dabhi
  1. Stored XSS - reported on 22nd Jun, 2020
Raju kumar(Mrcyberwarrior)
  1. Misconfiguration of policy - reported on 28th Feb, 2020
Dewanand Ram Vishal
  1. Misconfiguration of policy - reported on 26th Feb, 2020
Rahul Mali
  1. Open Redirection - reported on 10th Oct, 2019
  2. Referral count issue - reported on 10th Oct, 2019
  3. XSS - reported on 10th Aug, 2016
Aditya Sharma
  1. XSS - reported on 18th Oct, 2018
Deepanshu Tyagi
  1. XSS - reported on 6th Jul, 2018
Karan Saini
  1. Bypassing E-mail Verification - reported on 6th Feb, 2018
Nisheal A John
  1. Stored XSS - reported on 20th Nov, 2017
Ishaq Mohammed
  1. CSRF bypass - reported on 11th Sep, 2017
Noman Shaikh
  1. Data Manipulation using CSRF bypass - reported on 24th Mar, 2017
Shrey Sethi
  1. Information stealing using XSS - reported on 6th Jan, 2017
Mohit Soni
  1. Click Jacking - reported on 29th Nov, 2016
  1. SQL Injection - reported on 10th Aug, 2016

Internshala Bug Bounty Program

If you discover a security issue in our website or app, please report it to us confidentially in order to protect the security of our products. Please email the details to our technical team at tech@internshala.com. We will get back to you once we have investigated it completely.

Guidelines of our bug bounty program-

  • Please do not use automated tools in your research without our explicit consent
  • We must be able to reproduce the security flaw from your report. Unclear or vague reports are not eligible for bug bounty. Reports that include clearly written explanations and working code/ Proof of concept videos are more likely to be eligible for bug bounty
  • The bug must exist in Internshala's codebase.
  • Please avoid privacy violations, destruction of data and interruption or degradation of our service during your research
  • Please give us reasonable time (upto 1 week) to investigate and respond to your report
  • We try to investigate, fix and credit bugs in a timely manner. However, it may be possible that fixing a bug may take time and the same bug may be reported by multiple researchers. In such a case, we will only credit the first researcher to report an issue
  • We reserve the exclusive right to determine whether or not a bug/ vulnerability report is serious enough to warrant a reward. We are not interested in most bugs of the following type-
    • Denial of Service vulnerabilities (DOS)
    • Possibilities to send malicious links to people you know
    • Security bugs in third-party websites that integrate with Internshala
    • Mixed-content scripts
  • Rewards: If a bug/vulnerability is significant enough to warrant addition to our bug bounty program, we will send you an Internshala T-shirt and add your name to our hall of fame.