Questions tagged [bug-bounty]

Related to design, workings and operation of bug bounty programs. DO NOT use for questions about specific vulnerabilities, attack methods or anything unrelated to the mechanics of vulnerability reward programs.

A bug bounty program (BBP) or vulnerability reward program (VRP) is an offer made by a company to reward individuals for reporting vulnerabilities in their websites or software products.

48 questions
3 votes, 3 answers

How should we implement a responsible discovery program internally, only for our organization's employees?

We experienced a very interesting phenomenon in the last 6 months, and that is that some employees found and reported to our security teams a few very crucial security issues. We were thinking about encouraging this type of behavior (we think employees…
Filipon
3 votes, 0 answers

Is this a possible attack vector?

So I was bored and decided to get into some bug bounty hunting. I went on a website that has a bug bounty program, and this website is for downloading apps. I went to the "enter a gift card code" field and targeted it in Intruder in Burp Suite. Loaded…
2 votes, 0 answers

Does Windows Server ship with any sensitive images in the filesystem?

I'm working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML and spit…
2 votes, 1 answer

What to do if a bug bounty program is unresponsive?

Over a year ago, I reported a few security vulnerabilities to one of the top bug bounty programs on HackerOne. All of them were quickly triaged as critical, but no progress was made towards their resolution. I have repeatedly pinged them…
user252156
2 votes, 2 answers

Password reset link vs Temporary password

Which is harder to exploit: a password reset link with tokens/timestamps/codes/tickets etc., or a temporary password sent to the user's email, with which one can log in and change the password? Any suggestions on how they can be exploited, please?
2 votes, 1 answer

Platform Identification In Bug Bounty

What is the importance of identifying our target's web platform? I have recently watched the video 'DEF CON 23 - Jason Haddix - How to Shot Web: Web and mobile hacking in 2015' on YouTube, and he highlighted the importance of platform…
Emanuel Beni
2 votes, 0 answers

Ethical Hacking/Bug Bounty programs: Best way to get started professionally?

I am self-employed (degree in computer science) and I have been fighting a serious illness for the past several years (and still am) which makes it pretty much impossible to take on client projects as my health is just too erratic and…
2 votes, 1 answer

CSRF Testing. Validation Error 422. Locale Required

So I'm testing this site for coursework and I think it might be vulnerable to CSRF; however, when I try to make a POST request I get a validation error which says "locale" is required, despite me specifying it in the request. Here's the form source…
2 votes, 2 answers

Contacting customers of vulnerable software, is it wrong?

Say you're a security researcher who finds vulnerabilities and reports them to vendors to try and receive a bug bounty. If the vendor is not willing to pay any bounty for any vulnerability, you simply don't disclose the bug and keep it private. The…
1 vote, 1 answer

Worst-case scenario for open URL redirection, and why Google is not covering it in its bug bounty

Open URL redirection, in my opinion, can prove very dangerous when used to craft attacks such as phishing. But it seems Google considers it a very low-level bug and does not provide any monetary reward for it. So my question comes here into…
user38257
1 vote, 1 answer

Does .NET Framework have a bounty program?

The Microsoft .NET Bounty Program states that "Vulnerabilities in the .NET Framework, or any ASP.NET framework running on .NET Framework (Webforms or MVC)" is out of scope. Is .NET Framework covered by another bounty program? Or is just considered…
TN.
1 vote, 0 answers

Automating Clickjacking Attack

I found a clickjacking issue in a site, and the site security team told me that it would require unusual user interaction. So I wrote some code above the iframe, but I was not successful in achieving it. The site had two sensitive buttons which must be…
None_None
1 vote, 1 answer

What are criteria and rules to determine bug bounty amounts?

How is the reward amount determined on different bug bounty platforms like Bugcrowd, HackerOne or Synack? As a bug bounty program owner I can maybe define some rules for the rewards. What are the common, established rules and how do the different…
haba713
1 vote, 0 answers

Report security vulnerability

I need to understand how to report a security vulnerability on a web application, given the website owners have no such bug bounty programs. Brief information on target: The website is built to support a small business. Their business impact may be…
mykpc
1 vote, 1 answer

Probing Unsubscribe Link Vulnerabilities

I'm interested in testing the security of 'Unsubscribe' links embedded in emails sent to customers by large companies. I'm targeting companies participating in a certain bug bounty program, and my question is about scope: If I think I've discovered…
jandek