Shubh Mehta
# building reliable backend systems and the tooling around them.
# currently obsessed with clean monorepos and typed-everything.

Full-stack web developer, cyber-security researcher, and bug-bounty hunter. I write a lot of Go, deploy a lot of containers, and spend more time than I'd like to admit reading proto files and intercepted HTTP requests.
# education
B.Tech in Computer Science & Engineering at IIIT-DM Jabalpur (Dec 2021 — Jun 2025).
Outside of work — competitive programming (Codeforces specialist, LeetCode 200+), breaking things to learn how they're built, and the occasional half-broken side project.
| PID | USER | %CPU | NAME | LEVEL |
|---|---|---|---|---|
| 101 | shubh | 94.2 | go | expert |
| 102 | shubh | 90.1 | react/next | advanced |
| 103 | shubh | 88.7 | node/express | advanced |
| 104 | shubh | 86.1 | kubernetes | advanced |
| 105 | shubh | 82.4 | docker | advanced |
| 106 | shubh | 80.0 | typescript | advanced |
| 107 | shubh | 74.8 | mongodb | proficient |
| 108 | shubh | 72.3 | burpsuite/pentest | proficient |
| 109 | shubh | 65.8 | c++ | proficient |
gocd
Frontend served by Next, backend by Go behind one port. Service-to-service communication on Kubernetes with structured tracing, WebSocket pod-log streaming, and graceful rollouts.
GDB-UI
Browser-based interface for GDB debugging sessions. Built as part of Google Summer of Code under c2siorg — letting users run, step, and inspect GDB sessions without the bare CLI.
CodeNova
Social platform exclusively for programmers. Personalised problem recommendations based on rating, StackOverflow-style discussions, and private chat for collaborative learning.
FlagRush
Web app where users practice bug-finding skills by capturing flags from intentionally vulnerable sites. Community for sharing findings and a leaderboard ranking top hunters.
k8s-platform
Kubernetes-native application for managing and orchestrating workloads. Custom controllers, declarative configs, tight integration with the cluster API.
competitive-coding
Solved 200+ algorithmic problems. Codeforces handle: shubh_197 · LeetCode: shubh200.
# responsibly-disclosed findings, ordered by date.
| DATE | SEVERITY | TARGET | FINDING | DETAILS |
|---|---|---|---|---|
| 2023 | CRITICAL | Boatzon | Business-logic flaw — 100% discount via price manipulation | Users could manipulate the price field in checkout requests to apply a 100% discount. Reported with reproduction steps for swift resolution. |
| 2023 | HIGH | Swiggy | OTP bypass on partner-with-us subdomain | Server returned the auth state in the response body without proper server-side enforcement — flipping a boolean granted login access. |
| 2023 | MEDIUM | Triple-A | 4× broken access control — privilege escalation to admin | Found four endpoints where lower-privileged users could invoke admin-only functionality. Bundled into one disclosure with PoC for each. |
| 2023 | MEDIUM | Indeed | Open-redirect vulnerability | Redirect parameter accepted external URLs without validation. Reported responsibly with allow-list mitigation suggestion. |