Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,006,104 coordinated disclosures
628,905 fixed vulnerabilities
1,348 bug bounty programs, 2,698 websites
23,362 researchers, 1,318 honor badges

Le Moulin Monjonc Bug Bounty Program

Le Moulin Monjonc runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Le Moulin Monjonc

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Le Moulin Monjonc and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.lemoulinmonjonc.fr

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Program rules
The tests should never impact other users or our infrastructure.
The tests are limited to the sites and services which are managed directly by us. We will not accept reports about third-party services.
Does not take any action that could harm the reliability or integrity of our services and our data. Examples of harmful activities prohibited within the framework of this bug hunt include: brute force attack, denial of service (DoS), spam, temporal attack, etc.
No information regarding the problems found can be disclosed or shared until we have completed our investigation and resolved the problem. After confirmation, you are free to archive and publish the information you have on the issue in accordance with us.

Testing Requirements:

Do not use scanners or automated tools to find vulnerabilities.

Possible Awards:

Depending on the importance of the issue, contact us at [email protected]

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

[email protected]

General Requirements:

Program rules
The tests should never impact other users or our infrastructure.
The tests are limited to the sites and services which are managed directly by us. We will not accept reports about third-party services.
Does not take any action that could harm the reliability or integrity of our services and our data. Examples of harmful activities prohibited within the framework of this bug hunt include: brute force attack, denial of service (DoS), spam, temporal attack, etc.
No information regarding the problems found can be disclosed or shared until we have completed our investigation and resolved the problem. After confirmation, you are free to archive and publish the information you have on the issue in accordance with us.

Testing Requirements:

Do not use scanners or automated tools to find vulnerabilities.

Possible Awards:

Depending on the importance of the issue, contact us at [email protected]

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

AbhishekMorla     1 July, 2020
    AbhishekMorla:
Thank you for your quickest response.

  Latest Patched

 21.06.2021 govtech.com
 20.06.2021 gdrfad.gov.ae
 20.06.2021 realcommercial.com.au
 20.06.2021 allofustec.nnlm.gov
 19.06.2021 getchu.com
 19.06.2021 explorelearning.com
 19.06.2021 fibre2fashion.com
 19.06.2021 tme.eu
 18.06.2021 www1.caixa.gov.br
 18.06.2021 butantan.gov.br

  Latest Blog Posts

25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

  Recent Recommendations

@darione90     19 June, 2021
    Twitter darione90:
Many thanks to garlet_marco for finding an XSS vulnerability on our website!
@RyanBoehm12     16 June, 2021
    Twitter RyanBoehm12:
Vighnesh Gupta was professional, considerate, and thorough in helping us resolve a security flaw on our website. He communicated with in a timely manner, and provided all necessary support to fix the issue. I highly recommend him.
@rus_cert     16 June, 2021
    Twitter rus_cert:
Thanks for informing us about the vulnerability and providing helpful details :-)
@Cyber91998806     16 June, 2021
    Twitter Cyber91998806:
He responded to my mails quickly and helped us how to fix the vulnerability in a professional way. I recommended this guy.
@contactsplus     15 June, 2021
    Twitter contactsplus:
Tuhin reported 3 valid vulnerabilities to us of severities High, Medium and Low.

He was very professional and helped us recreate the issues until we were able to verify.
He was awarded a bounty for his efforts.

Thank you Tuhin!

Contacts+ Security Team.