Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,008,591 coordinated disclosures
630,356 fixed vulnerabilities
1,352 bug bounty programs, 2,708 websites
23,449 researchers, 1,317 honor badges

HighText Verlag Bug Bounty Program

HighText Verlag runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of HighText Verlag

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between HighText Verlag and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.onetoone.de
*.press1.de
*.hightext.de
*.versandhausberater.de
*.ibusiness.de

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

We accept any report describing a technical malfunction or unexpected behaviour with our publicly reachable ressources that is reproducable, results in a security risk for our personnell or users an lies within our responsibility. No Self-XSS, no scoial engineering. Currently no CSRF issues to prenvent duplicate submissions.

Testing Requirements:

Any testing that causes impact to the infrastructure or user experience due to resource usage disqualifies the submitter from any bounty. Please be carefull. Dont do nmap scans or other automated high volume pentesting on our networks.

Possible Awards:

We offer bug bounties starting at 30 euros via Paypal, starting with xss/csrf on the low end. Vulnerabilities that work across multiple of our domains or are caused by the same flaw (and therefore are fixed by the same patch) will only be rewarded once.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

Reports can be sent to [email protected]

General Requirements:

We accept any report describing a technical malfunction or unexpected behaviour with our publicly reachable ressources that is reproducable, results in a security risk for our personnell or users an lies within our responsibility. No Self-XSS, no scoial engineering. Currently no CSRF issues to prenvent duplicate submissions.

Testing Requirements:

Any testing that causes impact to the infrastructure or user experience due to resource usage disqualifies the submitter from any bounty. Please be carefull. Dont do nmap scans or other automated high volume pentesting on our networks. Any attempt to modify or download data beyound requirements for the proof of concept of a vulnerability will also disqualify from any reward.

Possible Awards:

We offer bug bounties starting at 30 euros via Paypal, starting with xss/csrf on the low end. Vulnerabilities that work across multiple of our domains or are caused by the same flaw (and therefore are fixed by the same patch) will only be rewarded once.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 24.06.2021 meteociel.fr
 23.06.2021 itworld.co.kr
 23.06.2021 emmys.com
 23.06.2021 digitaljournal.com
 23.06.2021 royaloakindia.com
 22.06.2021 landesmuseen.sh
 22.06.2021 stylicy.com
 22.06.2021 wordplays.com
 22.06.2021 sallybeauty.com
 22.06.2021 classtools.net

  Latest Blog Posts

25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

  Recent Recommendations

@Xupypr13     23 June, 2021
    Twitter Xupypr13:
Nagashree found a vulnerabilities on our web resource and acted ethically by reporting it to us, as well as providing the information we needed to reproduce the issue.

Thank you for pointing this out!
@darione90     19 June, 2021
    Twitter darione90:
Many thanks to garlet_marco for finding an XSS vulnerability on our website!
@RyanBoehm12     16 June, 2021
    Twitter RyanBoehm12:
Vighnesh Gupta was professional, considerate, and thorough in helping us resolve a security flaw on our website. He communicated with in a timely manner, and provided all necessary support to fix the issue. I highly recommend him.
@rus_cert     16 June, 2021
    Twitter rus_cert:
Thanks for informing us about the vulnerability and providing helpful details :-)
@Cyber91998806     16 June, 2021
    Twitter Cyber91998806:
He responded to my mails quickly and helped us how to fix the vulnerability in a professional way. I recommended this guy.