Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
746,435 coordinated disclosures
438,105 fixed vulnerabilities
1148 bug bounties with 2,200 websites
20,671 researchers, 1257 honor badges

Lidl Digital Bug Bounty Program

Lidl Digital runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Lidl Digital

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Lidl Digital and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.lidl-shop.sk
lidl-sklep.pl
lidlonline.es
*.lidl.de
*.lidl-shop.cz
*.lidl-shop.nl
*.lidl-shop.be

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

All kind of issues can be reported

Testing Requirements:

Dont use exessive brute force Scanners and dont fill out to many form fields, since it may create internal emails

Possible Awards:

nothing yet

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

jub0bs     6 December, 2019
    jub0bs:
I agree with Kenan. I've reported multiple vulnerabilities to Lidl in the past, and they made it clear to me that they don't give rewards, regardless of severity.
tbm     30 October, 2019
    tbm:
please remove this company from "bug bounty list", they don't have bug bounty, also as they promised they didn't reward

  Latest Patched

 22.01.2021 ecu.edu.au
 21.01.2021 liveauction.am
 21.01.2021 esto.nasa.gov
 21.01.2021 french-bookys.org
 21.01.2021 dmm.com
 21.01.2021 polimi.it
 20.01.2021 4gamer.net
 20.01.2021 splunk.com
 20.01.2021 tirebouchon.me
 20.01.2021 rand.org

  Latest Blog Posts

25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads
26.10.2020 by _r00t1ng_
Bypass Addslashes using Multibyte Character
26.10.2020 by _r00t1ng_
One Payload to Inject them all - MultiQuery Injection

  Recent Recommendations

@hoshitabeman     21 January, 2021
    Twitter hoshitabeman:
It was very helpful for me to point out that I forgot to delete php.info!
@Azatotht     21 January, 2021
    Twitter Azatotht:
Thanks for pointing out a public phpinfo() on our website. A++
@vegasworld     21 January, 2021
    Twitter vegasworld:
Great Job from PRAMOD YADAV. Thanks to his advice we could fix a bug on our Website.
Thanks again!
Best wishes from Germany
@domenico     21 January, 2021
    Twitter domenico:
Thank you Pramod for pointing to the leftover .php file that shouldn't be there.
@seinemaritime     21 January, 2021
    Twitter seinemaritime:
Thank you Pramod for your report. Thank you also for the details in mail ! I recommend him !