Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
976,975 coordinated disclosures
615,439 fixed vulnerabilities
1,324 bug bounty programs, 2,655 websites
22,824 researchers, 1,310 honor badges

LAFI Bug Bounty Program

LAFI runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of LAFI

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between LAFI and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.eproo.com
*.lafi.fr

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Any issue concerning the lafi.fr web site (or its subdomains) may be reported

Testing Requirements:

Our web site security may block security scanners.
If you use one and get blocked, please contact us first.

Possible Awards:

Depending on the severity of the issue, we can make from a recommendation in your profile up to an IT gift (we are an IT reseller)

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

ramagiris1992     28 April, 2021
    ramagiris1992:
Hello,
I have found few bugs in your website. I would like to report those to you as security is major concern to everyone. So let me how can i report those bugs which cant be reported through OpenBugBounty. Hence let me know about it.
Regards,
Santhosh
[email protected]

  Latest Patched

 18.05.2021 bancodevenezuela.com
 18.05.2021 weglot.com
 18.05.2021 hjcp77.me
 18.05.2021 www2.cdc.gov
 18.05.2021 world68.com
 17.05.2021 freewebsubmission.com
 17.05.2021 aihami.com
 17.05.2021 lacentrale.fr
 17.05.2021 ces.tech
 17.05.2021 uniapp.me

  Latest Blog Posts

25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism
28.03.2021 by febin_rev
Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892
10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard

  Recent Recommendations

@Onizuka961     16 May, 2021
    Twitter Onizuka961:
Thanks Jenny For Reporting issue for us , Very Professional , quick response
@philippejadin     14 May, 2021
    Twitter philippejadin:
Thank you for reporting an issue with the presentation website of the project and for the quick replies !
@DjMagrao_     11 May, 2021
    Twitter DjMagrao_:
Thanks for founding xss errors on my website and fixing then.
@DouglasRao42     10 May, 2021
    Twitter DouglasRao42:
Profissional competente que tem contribuído ativamente no campo da segurança da informação.
@obb20210429     6 May, 2021
    Twitter obb20210429:
Thanks for a quick and useful report that helped us find and resolve the issue.