.wrapper { display:none; } .footer { display:none; } body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using openbugbounty.org.

2023 © OpenBugBounty

Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. Learn more.

For Researchers

Frequently Asked Questions Read the FAQ to get best experience with our platform	Write a Blog Post Write a blog post to share your knowledge and get kudos
Browse Bug Bounty Programs Browse active bug bounty programs run by website owners	Report a Vulnerability Report and help remediate a vulnerability found on any website

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

For Website Owners

FAQ: For Website Owners Start here to ensure smooth collaboration with the security researchers	Start a Bug Bounty Start your bug bounty program at no cost and leverage crowd-security testing
FAQ: For Bug Bounty Owners Read how to maximize your ROI from crowd-security testing

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

About

About the Project Read about Open Bug Bounty history, values and mission	API Request National CERTs and law enforcement agencies may request our API
Frequently Asked Questions Review the most popular questions about the project	Contact Us Get in touch

How it Works

Download presentation and learn
how our platform works

PDF, 500kb

Hall of Fame
Forum

OpenBugBounty.org > Bug Bounty List > Lidl Digital Bug Bounty Program

Lidl Digital Bug Bounty Program

Lidl Digital runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Lidl Digital

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Lidl Digital and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.lidl-shop.sk

lidl-sklep.pl

lidlonline.es

*.lidl.de

*.lidl-shop.cz

*.lidl-shop.nl

*.lidl-shop.be

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

All kind of issues can be reported

Testing Requirements:

Dont use exessive brute force Scanners and dont fill out to many form fields, since it may create internal emails

Possible Awards:

nothing yet

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Researcher's comments

6 December, 2019

jub0bs:

I agree with Kenan. I've reported multiple vulnerabilities to Lidl in the past, and they made it clear to me that they don't give rewards, regardless of severity.

30 October, 2019

tbm:

please remove this company from "bug bounty list", they don't have bug bounty, also as they promised they didn't reward

Latest Patched

29.05.2023 nwtt.waves.nsw.gov.au

28.05.2023 alea.bombeiros.mg.gov.br

28.05.2023 dpie.nsw.gov.au

28.05.2023 issm.camacari.ba.gov.br

28.05.2023 snigurivka.mk.gov.ua

28.05.2023 camaramirass...te.mt.gov.br

28.05.2023 mail.cmarame.ma.gov.br

28.05.2023 screen.nsw.gov.au

28.05.2023 forecast.waves.nsw.gov.au

28.05.2023 aguasdesaopedro.sp.gov.br

Latest Blog Posts

16.01.2023 by itsvarmakollu
XSS vulnerabilities discovered in ServiceNow - CVE-2022-38463

16.01.2023 by itsvarmakollu
Turning cookie-based XSS into account takeover

08.07.2022 by 4websecurity
CVE 2022-29455 is still affecting millions of Wordpress sites

08.07.2022 by kh4sh3i_
Zabbix - SAML SSO Authentication Bypass

08.07.2022 by FR13ND0x7F
The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Recent Recommendations

@DelganGeor63536

26 May, 2023

DelganGeor63536:

navreet1425 was professional in his vulnerability disclosure.I really appreciates his work.

@Harpree66584431

26 May, 2023

Harpree66584431:

Thank you for finding vulnerability in our website

@MinasPergantis

23 May, 2023

MinasPergantis:

Thank you for your help in ensuring the security of our domain and its visitors! Your contributions are invaluable.

@franky1302

17 May, 2023

Thanks Khan Janny for letting us know and fix the issue.

@BenjaminSponsor

11 May, 2023

BenjaminSponsor:

Thanks for making me aware Alex!

Making Web a Safer Place

Coordinated & Responsible Disclosure

Based on ISO 29147 Guidelines

2023 © OpenBugBounty