AnimeCons.com Bug Bounty Program

AnimeCons.com runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the below-mentioned conditions and requirements of AnimeCons.com.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between AnimeCons.com and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.animecons.co.uk
*.animecons.ca
*.scificons.com
*.costumecons.com
*.fancons.co.uk
*.fancons.ca
*.videogamecons.com
*.toycons.com
*.steampunkcons.com
*.furrycons.com
*.fantasycons.com
*.fancons.com
*.animecons.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

AnimeCons.com and FanCons.com are literally the same scripts on the same server. AnimeCons.com just filters out any conventions without anime programming...so there's no point to test both AnimeCons.com AND FanCons.com because if there's an issue on one site, it will be an issue on both...and when it's fixed on one, it will be fixed on both.

...so only test FanCons.com and don't even bother testing AnimeCons.com. Don't bother with the .ca or .co.uk TLDs either. They're literally the same site with the same scripts on the same server...just different title images.

Also, don't bother testing the forums either. I didn't write that software and will be turning that forum server off soon anyway. Any forum bug bounties that are logged will just be ignored. Don't waste your time or mine.

Testing Requirements:

Please don't keep slamming the submission forms over and over in attempts to find vulnerabilities. There have been some testers come to the sites (perhaps with good intentions, but maybe looking for vulnerabilities they can exploit themselves) who have submitted garbage data to the site literally THOUSANDS of times. All submitted data gets reviewed by a single human being and NEVER gets auto-posted...which means that one person has to go in and reject all those entries. If you do submit over 100 garbage form entries, don't be shocked if your IP gets blocked. If you send in a ton of garbage, YOU'RE NOT HELPING! One guy did this and then complained about being blocked (seen in reviews below). Again, don't go crazy and you'll be fine. Act like a malicious bot and you'll be blocked like a malicious bot.

...so please, don't keep slamming the submission forms.

Please don't use automated scanners like NexPloit...because that's sure to get you blocked.

Possible Awards:

Sorry, my sites don't bring in a lot of traffic and ad revenue barely pays the server bill. These sites are run by literally ONE guy in his spare time, so I'm unable to offer any monetary rewards of any kind at this time. If you're checking our sites and hoping for a payout, sorry...don't bother.

Special Notes:

If you contact our site claiming to have found some kind of vulnerability that can't be reported here and do not actually tell us the details on the vulnerability, we will treat it as spam or phishing and not respond.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

B4lc0n3s, 13 May, 2020:
Can't submit to this program and they banned my IP when I found an authentication bypass vulnerability in their sites.
