
AndalucíaCERT Bug Bounty Program

AndalucíaCERT runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of AndalucíaCERT set out below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between AndalucíaCERT and researchers.

The bug bounty program allows private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

*.juntadeandalucia.es

Non-Intrusive Submissions Handling

The following section covers submission of vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

At AndalucíaCERT, we understand that security is essential in maintaining the trust that Andalusian people place in their Government. Although our team works vigilantly to help keep information and systems secure, we recognize the important role that security researchers play. If you are a security researcher and have discovered a security vulnerability in our website, we ask for your help in disclosing it to us in a responsible manner.

If you discover a site vulnerability, please notify us via the Open Bug Bounty website or by emailing us at atencion.cert[at]juntadeandalucia.es. We encourage you to encrypt sensitive information; please see below for our public PGP key.

Testing Requirements:

Any vulnerability reports are welcome. When reaching out to us, please include:

- A detailed summary of the issue, including a list of steps for how we can reproduce it.
- Correct contact information, such as an email address, by which we can reach you in case we need more information.

We believe that responsible disclosure involves privately notifying us of any security vulnerabilities, and allowing us appropriate time to diligently address the vulnerabilities. We appreciate these types of research activities, but will not tolerate any actions that put our users or systems at risk:

- Do not attempt to access, modify, destroy, or disclose our users' information.
- Do not attempt to deface or degrade our services.
- Do not use security scanners against our network.
- Do not violate applicable law.

Possible Awards:

There are no awards contemplated, but if you can help us then thank you for your efforts.

Special Notes:

We encourage you to encrypt sensitive information you send to us as a part of your vulnerability disclosure. You can use our PGP key to send us sensitive information via atencion.cert[at]juntadeandalucia.es:


Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
