
Emailresponder.eu Bug Bounty Program

Emailresponder.eu runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of Emailresponder.eu set out below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Emailresponder.eu and researchers.

The bug bounty program allows all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

emailresponder.eu

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Emailresponder.eu is an auto responder web application and thus stores very important user data.

We're especially interested in anything that could be a threat to our system integrity and security.

Non-intrusive vulnerabilities we're interested in:

- XSS
- CSRF
- Open Redirect
- Improper Access Control
- Credential stealing

etc.

Not interested in:

- Self XSS
- DDoS (please don't, it's just lame)

Testing Requirements:

Feel free to use any tool as long as you don't compromise the system integrity (yes, you can use automated tools too).

Possible Awards:

I don't make any money from this site (on the contrary, it costs me money), thus the only award I can give away is a mention on the site (if you wanna also have a link to any personal webpage, I'm fine with it).

Special Notes:

Both backend and frontend are hosted on some cheap VPS, please be patient cause it might be slow sometimes.

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

Please directly notify [email protected] if you find any vulnerability found by intrusive testing (i.e. code injection).

General Requirements:

Also, I'm interested in any other vulnerability at any other level:

- code injection (both SQL and C#)
- possible exploits/abuse of any of the site functions
- directory traversal
- Apache or any other service crashing due to user input
- exploits on the server machine
- gaining unauthorized access to the server in any way

Testing Requirements:

Feel free to use port scans, Metasploit and any other tool you feel appropriate to explore my system or any of the services running on it, but try not to compromise system integrity or service availability.

Please advise if you're going to do something that you're aware might be potentially dangerous for the integrity of the system.

Possible Awards:

I don't make any money from this site (on the contrary, it costs me money), thus the only award I can give away is a mention on the site (if you wanna also have a link to any personal webpage, I'm fine with it).

Special Notes:

Both backend and frontend are hosted on some cheap VPS, please be patient cause it might be slow sometimes.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
