Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,026,790 coordinated disclosures
637,629 fixed vulnerabilities
1,370 bug bounty programs, 2,758 websites
23,967 researchers, 1,324 honor badges

Dark Society Penetration Hub Bug Bounty Program

Dark Society Penetration Hub runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Dark Society Penetration Hub

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Dark Society Penetration Hub and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.darksocietypenetration.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

If the vulnerability has a low security risk, DSPH may decide not to give a credit. Example of this kind of vulnerabilities are:

(i) Version banners on public services
(ii) Files and folders accessible to the public with non-sensitive information
(iii) Click jacking on pages without log-in function
(iv) Cross-site request forgery (CSRF) on forms accessible anonymously
(v) Absence of ‘secure’ / ‘HTTP Only’ flags on non-sensitive cookies
(vi) Use of HTTP OPTIONS Method
(vii) Host Header Injection
(viii) Absence of SPF, DKIM and DMARC records
(ix) Presence of xmlrpc.php or wp-cron.php
(x) Weak password policy
(xi) Any vulnerability that requires unlikely user interaction for example a cross-site scripting flaw that requires the victim to manually type a XSS payload into an input field.

Testing Requirements:

You may not engage in testing that
(i) degrades DSPH's systems,
(ii) allows you or any third party to access, store, share, or destroy DSPH's or our customer data, or
(iii) has a negative impact on DSPH's customers, such as denial of service, social engineering, or spam.
Without DSPH's prior written approval, you may not publicly disclose your findings or the contents of your Submission in any way.

Possible Awards:

Recommendation on OpenBugBounty
Credits on our website at: darksocietypenetration.com/bug-bounty-program/

Special Notes:

Please use this email: [email protected] to send vulnerability report rather than through the OpenBugBounty platform.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

[email protected]

General Requirements:

If the vulnerability has a low security risk, DSPH may decide not to give a credit. Example of this kind of vulnerabilities are:

(i) Version banners on public services
(ii) Files and folders accessible to the public with non-sensitive information
(iii) Click jacking on pages without log-in function
(iv) Cross-site request forgery (CSRF) on forms accessible anonymously
(v) Absence of ‘secure’ / ‘HTTP Only’ flags on non-sensitive cookies
(vi) Use of HTTP OPTIONS Method
(vii) Host Header Injection
(viii) Absence of SPF, DKIM and DMARC records
(ix) Presence of xmlrpc.php or wp-cron.php
(x) Weak password policy
(xi) Any vulnerability that requires unlikely user interaction for example a cross-site scripting flaw that requires the victim to manually type a XSS payload into an input field.

Testing Requirements:

You may not engage in testing that
(i) degrades DSPH's systems,
(ii) allows you or any third party to access, store, share, or destroy DSPH's or our customer data, or
(iii) has a negative impact on DSPH's customers, such as denial of service, social engineering, or spam.
Without DSPH's prior written approval, you may not publicly disclose your findings or the contents of your Submission in any way.

Possible Awards:

Recommendation on OpenBugBounty
Credits on our website at: darksocietypenetration.com/bug-bounty-program/

Special Notes:

Please use this email: [email protected] to send vulnerability report rather than through the OpenBugBounty platform.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 25.07.2021 oregon.gov
 24.07.2021 oic.go.th
 24.07.2021 smartspace.ws
 24.07.2021 contratos.gov.co
 24.07.2021 urbancompany.com
 24.07.2021 suamusica.com.br
 23.07.2021 great.gov.uk
 23.07.2021 institutoisotur.edu.pe
 23.07.2021 ipva.rs.gov.br
 23.07.2021 ncaa.org

  Latest Blog Posts

14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty
25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability

  Recent Recommendations

@pentestinghub     23 July, 2021
    Twitter pentestinghub:
Thank you chenzhen for making us aware of a vulnerability that was previously unknown to us.

It was a pleasure working with him, Thank you!

Thanks & Regards
Tuhin Bose
Chief Information Security Officer
DSPH
@Synthesys3     15 July, 2021
    Twitter Synthesys3:
Thanks Tw0F0rty for making me aware of a vulnerability involving an apparently innocuous log report on my website :)
@MPDL     15 July, 2021
    Twitter MPDL:
Thank you for your detailed report. With your support we were able to fix the vulnerabilities.
@MPDL     13 July, 2021
    Twitter MPDL:
Thanks a lot 0xrocky for identifying the vulnerabilities and alert us. Great security researcher to work with. Keep up the good work!
@SchmitzNicolas2     13 July, 2021
    Twitter SchmitzNicolas2:
Thx for your help in securing this website.