Web Security Researcher & Penetration Tester
Independent cybersecurity researcher focused on web application penetration testing and vulnerability discovery. Based in Khandwa, Madhya Pradesh. Discovered and reported critical vulnerabilities to major organizations globally.
Independent web security researcher (pen tester), search engine optimization analyst and internet marketer. Successfully identified vulnerabilities in over 700 websites. Notable proof of concepts include Republic Media Network & Au Optronics. Currently working on SEOCMS, an automated SEO blogging content management system & SEO tool.
About Me
My name is Chirag Artani (meaning "brightness in life"). The website name 3rag.com comes from "CHI" (3) + "RAG" = Chirag. I'm from Khandwa, Madhya Pradesh – The City Of Saint Dhuniwale Dadaji and Kishore Kumar. I have a strong interest in technology & internet and help people increase their interest in Internet marketing.
Professional Summary
Independent web security researcher (pen tester), search engine optimization analyst and internet marketer. Successfully identified vulnerabilities in over 700 websites. Notable proof of concepts include Republic Media Network & Au Optronics. Currently working on SEOCMS, an automated SEO blogging content management system & SEO tool.
Security Hall of Fame Achievements
Apple Hall of Fame
Discovered and reported Information disclosure vulnerability
Microsoft Hall of Fame
Remote code execution in web app services (*.microsoft.com). Name listed in 2022 & 2024 first list. Found RCE bugs two times!
Telekom Hall of Fame
Reported multiple vulnerabilities including Open Redirect, HTML/CSS injection, Information Disclosure, and Cross-site scripting (XSS)
Accenture Hall of Fame
Took over 26 subdomains & reported 1 to avoid further issues. Critical Vulnerability. Name listed.
Lenovo Hall of Fame
Found a WSO-based critical vulnerability in their server, received a certificate
United Nations Hall of Fame
Vulnerability reported, name to be listed after fix
EC-Council Hall of Fame
Successfully identified 7 reflected XSS vulnerabilities in their web assets, supporting EC-Council in securing its digital assets. Received official Certificate of Appreciation.
Verizon Hall of Fame
Recognized for reporting a significant vulnerability to Verizon's Enterprise Vulnerability Management-Response Team. Received Certificate of Appreciation.
CVE Achievement
CVE-2022-24620 was assigned for discovering a vulnerability in Piwigo (Open-Source) version 12.2.0 & before, involving stored cross-site scripting (XSS) which could lead to privilege escalation. This vulnerability allowed admin to steal webmaster's cookies to gain webmaster access.
Technical Details
In Piwigo 12.2.0 and before, stored XSS could be achieved through the profile-modification feature, when a user adds JavaScript code as the user's mail address. This vulnerability affects the admin and webmaster when they visit the user list section.
Certifications & Acknowledgements
EC-Council Certificate of Appreciation
Awarded for successfully identifying qualifying vulnerabilities in EC-Council's web assets and services, supporting EC-Council in securing its digital assets. Added to the official EC-Council Hall of Fame.
Verizon Certificate of Appreciation
Awarded for efforts in providing a vulnerability report that helped secure Verizon's environment. The Enterprise Vulnerability Management-Response Team acknowledged the work and commitment to security.
Google Cyber Security Foundation Certificate
Completed Google Cyber Security Foundation covering all 8 cyber security domains and frameworks
View CertificationComputer Security Support Fundamentals - CompTIA
Contact
For professional inquiries and collaboration opportunities:
Get In Touch