Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
by The Hacker News

All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. Learn more.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,247,982 coordinated disclosures
901,206 fixed vulnerabilities
1,589 bug bounty programs, 3,156 websites
28,485 researchers, 1,443 honor badges

RASP Bug Bounty Program

RASP runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of RASP

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between RASP and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.opineo.pl
*.autograf.pl
*.pulsembed.eu
*.forbes.pl
*.mediaimpact.pl
*.auto-swiat.pl
*.komputerswiat.pl
*.newsweek.pl
*.fakt.pl
*.businessinsider.com.pl
*.onet.pl

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

without destroying the site

Testing Requirements:

without destroying the site

Possible Awards:

recommendation for the researcher

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

<[email protected]>

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFw9vHcBCADNDjGyY25Nfguorb0zH2bZeSxvNWQVMXvAZr1MOzTsAt8pPJCS
lBQSu07ZZyso0mvOb8GcOuGT6vXf5nfL0lGGfT8aLtSUIW0cPjCfZO/LJusgHXNO
SgQqJ7QkHvMrirRKEWpI+UA/+ea60KaEHUNWnMHXQMwmv3I3Uznvq+4cK+Xe0cic
gHrmQQ4Ub2ciCpBtTZl4STlaN46nvZdhMPw1m9DRIxDzQZZ0/IaojxrdWV+rtF+r
GOBED4tkDIw/Azi/STcbGYgK9DzKmky2PdLqhOL+fwlAc+TQIgfmtC+Fac+ZJDW6
yshhbeS9G0EMEQwaUhrxuHIlxzdrB4mDYi7JABEBAAG0NlNlY3VyaXR5IFRlYW0g
PHNlY3VyaXR5LWFsZXJ0c0ByaW5naWVyYXhlbHNwcmluZ2VyLnBsPokBVAQTAQgA
PhYhBFX5+YRbiKli+30UOW7QdhBfjWnBBQJcPbx3AhsDBQkDw7k5BQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEG7QdhBfjWnBLUcH/jbmFVaX3t+RPeabqybUyfYg
aaC9vldhd+pf/UiyEYc2J94Ta6S3WOtlODJFxFH3/nsoff9CD4jXiuxiJfJccI56
I3hLBrOPxSwXkdssvUgzccIKVFsqQBbcAXENvXBZ1/L3lAj01+4TLmisFggdSSjZ
0+WTrTCh3pj31iUOvPPSvHqPZmwaKCIOVax96iPA+z5gTWCznP/YbwMswMzMlUeu
+/M/UErRTbYJ7tJrctJoB236sHmRPEKj/xJqcpOVFWZN2oU1XFqqpIGHUndGa49D
Xy2UMzvZ7MbrFNOKZvPJPYOEEvPwOjiOYKZTUm6qZ+MX+84GSGaIUMcPlwAsxES5
AQ0EXD28dwEIAL3bdILTEek3vnjIbiw2Wt1lPEaQClBdff09xxuCjn6+LpARubSZ
BIaEUB/Y9S7vFdBX0o5NGZbGfOBzOlnr6YJM2Ura2V/WuLu+VsYbZ9RsUqsUqPCJ
0BRZ9pq3arOde7c3pWfnPkn/gj+8UyMf/BtrGSLVf7ZhyVyQHml4ItzyTzPnPQWf
k4k7JfGI+GI0GhWWq8BUR8s5TQbWxyAXUFiPQF+2wpDlYp4yQ4p/fV9D1MmJGELJ
0xKjkdixzKKRXtf8ZEE4dt/aEW3gGYRxfQp3OqvEF2+9SX/kLEGG/YQBw7E5rThC
wISNtI7cG4I64sl+LaeQPHVCXHN6RaGXvHcAEQEAAYkBPAQYAQgAJhYhBFX5+YRb
iKli+30UOW7QdhBfjWnBBQJcPbx3AhsMBQkDw7k5AAoJEG7QdhBfjWnBtF0IAKK/
drUI1s77+PZTvz2vb5fgwM6X7cSaMU7TwkEjG+lMRnP7btkzHPdUkSQcx5XcTn2T
JfT01kV6WswW5krnFvmyVFDkdmvV+DS9y43l9vBN6esmP5BEXUvu+oHrv9/rCde9
gq2HMKYwde8Nlz//1P62glaSWaC5SnyJBBzpnbyTNriU4T5l5Ram1cu3Kd0N9m+U
bkkQAsapd5l1f+TBfP+keYMyZNbUosWkAJkaXII7wpdm0qL40U8/5KyTKxVIwwJ/
d62WcENdfCoscW7Z9Jj61IAP35gdJ75hMe5i5BukctLLXZiMwBW3RHhMDdxQ/OrO
fmKS2JZMStGnXJohLys=
=Vupk
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

without destroying the site

Testing Requirements:

without destroying the site

Possible Awards:

without destroying the site

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 28.06.2022 01net.com
 28.06.2022 law.gov.cy
 28.06.2022 eeagrants.gov.cy
 26.06.2022 fire.ak.blm.gov
 26.06.2022 moodle.vnc.qld.edu.au
 26.06.2022 animalpornrocks.co
 26.06.2022 oae.vic.edu.au
 26.06.2022 c-ad.bnl.gov
 26.06.2022 hitbullseye.com
 26.06.2022 taito.edu.turku.fi

  Latest Blog Posts

15.02.2022 by sepkatpro
Ultimate XSS Polyglot
11.11.2021 by mistry4592
The Most used Chrome Extensions are Used For Penetration Testing.
08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)
14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty

  Recent Recommendations

@TiagoGuedesEGo1     20 June, 2022
    Twitter TiagoGuedesEGo1:
shashank_bhure made us aware of several security vulnerabilities that represented security flaws of several degrees and needed to be rectified.

It was a pleasure working with you and I hope we can work again in the future, Thank you!
@TiagoGuedesEGo1     20 June, 2022
    Twitter TiagoGuedesEGo1:
chackmate made us aware of several security vulnerabilities that represented security flaws of several degrees and needed to be rectified.

It was a pleasure working with you and I hope we can work again in the future, Thank you!
@TiagoGuedesEGo1     15 June, 2022
    Twitter TiagoGuedesEGo1:
Hardik_850 made us aware of several security vulnerabilities that represented security flaws of several degrees and needed to be rectified.

It was a pleasure working with you and I hope we can work again in the future, Thank you!
@DeBuecher     3 June, 2022
    Twitter DeBuecher:
Peter was of good help
@salmankhan2016     26 May, 2022
    Twitter salmankhan2016:
thanyou security_helper5