Lista site-urilor care au un program Bug Bounty

dekeeu · August 16, 2013

QIWI https://static.qiwi.com/en/doc/ethic_hack.pdf

1800$ pentru RCE/SQLi si 100$ pentru un xss, haha ....

B7ackAnge7z · August 16, 2013

1800$ pentru RCE/SQLi si 100$ pentru un xss, haha ....

Probabil, nu ai v?zut companii care nu-?i ofer? nimic, sau mai r?u, te amenin?? cu judecata?! În fine, fiecare companie ofer? exact atât cât crede de cuviin??, iar utilizatorii singuri aleg — $2k/lun? de la Google sau $9k într-o singur? zi de la o companie necunoscut?.

dekeeu · August 16, 2013

Nu e vorba de asta dar programul lor e total ambiguu. Nu poti cataloga un xss de exemplu la fel de important ca un open url redirect.

Sau pentru o metoda de bypass la `Two-factor authentication` sa dai 4000$, unde pana la urma grupul tinta de utilizatori in vederea unui atac e destul de mic, iar la un SQLi sa dai 1000$ cu care poti extrage toata baza de date cu toti utilizatorii .

B7ackAnge7z · August 16, 2013

Nu e vorba de asta dar programul lor e total ambiguu. Nu poti cataloga un xss de exemplu la fel de important ca un open url redirect.
Sau pentru o metoda de bypass la `Two-factor authentication` sa dai 4000$, unde pana la urma grupul tinta de utilizatori in vederea unui atac e destul de mic, iar la un SQLi sa dai 1000$ cu care poti extrage toata baza de date cu toti utilizatorii .

Îmi cer scuze, îns? nu am în?eles din start mesajul t?u. Totu?i, „dup? culise” se vede mai bine — po?i oferi chiar ?i $9000k pentru un SQL-injection atunci când ?tii c? aplica?ia ta salveaz?/cite?te datele doar în/din fi?iere text.

florin_darck · August 22, 2013

Wordfence Bug Bounty: Get a $146 Wordfence Premium 5 year license per bug. | Wordfence Blog

Fi8sVrs · October 3, 2013

Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal - IT News from V3.co.uk

daatdraqq · October 3, 2013

Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal - IT News from V3.co.uk

Ceva oficial cu .yahoo.com in coada ?

Fi8sVrs · October 13, 2013

Ceva oficial cu .yahoo.com in coada ?

Update - 2 October 2013:
Yahoo has now rushed forward its plans to reward researchers: "So rather than wait any longer, we’ve decided to preview our new vulnerability reporting policy a bit early." There are five main areas to the new policy: improved reporting, improved validation, improved remediation, the implementation of a 'hall of fame' – and a reward scheme paying between $150 - $15,000. The small print on the new policy hasn't been finalised, and the scheme will be formally launched on October 31, 2013.

posibil sa apara pe 31 oficial

https://www.htbridge.com/news/what_s_your_email_security_worth_12_dollars_and_50_cents_according_to_yahoo.html

====================================================================

Google:

On October 9, 2013, we announced a new, experimental program that rewards proactive security improvements to select open-source projects. This effort complements and extends our long-running vulnerability reward programs for Google web applications and for Google Chrome.

https://www.google.com/about/appsecurity/patch-rewards/

Edited October 13, 2013 by Fi8sVrs

akkiliON · October 13, 2013

So I’m the guy who sent the t-shirt out as a thank you. | Yahoo! Developer Network

The small print on the revised policy isn’t quite final. We will release the new policy by October 31, 2013. In the meantime, the benefits of the policy will be implemented retroactively back to July 1, 2013. If you submitted something to us and we responded with an acknowledgement (and probably a t-shirt) after July 1st, we will reconnect with you about this new program. This includes, of course, a check for the researchers at High-Tech Bridge who didn’t like my t-shirt.