Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,008,572 coordinated disclosures
630,355 fixed vulnerabilities
1,352 bug bounty programs, 2,708 websites
23,448 researchers, 1,317 honor badges

RivalScan Intelligence Bug Bounty Program

RivalScan Intelligence runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of RivalScan Intelligence

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between RivalScan Intelligence and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

rivalscan.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

THIS PROGRAM/LISTING IS A PLACEHOLDER - WE ARE CURRENTLY IN BETA AND NOT OFFERING PAID SERVICES TO CUSTOMERS. REWARDS WILL BE GRANTED ONCE OUT OF BETA (EXPECTED DATE TBD)

RivalScan is mostly interested in bugs pertaining to rivalscan.com/app/ which houses client and other proprietary data.

Exclusions to this program include self-authorization such as self-XSS.

More details TBD.

Testing Requirements:

RivalScan does not authorize researchers to make any attempts with automated tools or otherwise that could disrupt services by flooding them with requests. Additionally, invasive or intrusive testing that violate openbugbounty rules are not condoned.

Possible Awards:

RivalScan is dedicated to award those who work hard to make the web a better place. We want to incentivize White-Hat researchers for being the honest and professional security experts they are. Although we are a startup and have very limited budgets we will strive to reach a mutually accepted award based on the severity of the vulnerability.

Possible rewards include but are not limited to:

-----------------
- High Severity -
-----------------
- PayPal Compensation
- Other Forms of Monetary Compensation
- Account Upgrades on our platform to assist you in finding more bugs (continuous credits)
- Honorable Mention on our Bug Bounty Hall Of Fame (including link)
- Shout out on our Social Media
- Free RivalScan Swag/Merch

-----------------------
- Low/Medium Severity -
-----------------------
- Honorable Mention on our Bug Bounty Hall Of Fame
- Credits on our platform to assist you in finding more bugs
- Shout out on our Social Media
- Free RivalScan Swag/Merch

Special Notes:

THIS PROGRAM/LISTING IS A PLACEHOLDER - WE ARE CURRENTLY IN BETA AND NOT OFFERING PAID SERVICES TO CUSTOMERS. REWARDS WILL BE GRANTED ONCE OUT OF BETA (EXPECTED DATE TBD) PLEASE DO NOT SUBMIT BUGS YET.

RivalScan reserves the the right in its sole discretion to offer rewards based on the severity of the breach. We reserve the right to deny any/all rewards for any reason. A submission to this program/listing does not automatically entitle you to financial or other compensation.

Any breach of the OpenBugBounty rules or the terms listed here disqualify researchers from rewards and void any/all agreements made (written or otherwise). Terms of this program are subject to change at RivalScan's discretion without notification of involved parties. By submitting a bug report you explicitly agree to all terms listed.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 24.06.2021 meteociel.fr
 23.06.2021 itworld.co.kr
 23.06.2021 emmys.com
 23.06.2021 digitaljournal.com
 23.06.2021 royaloakindia.com
 22.06.2021 landesmuseen.sh
 22.06.2021 stylicy.com
 22.06.2021 wordplays.com
 22.06.2021 sallybeauty.com
 22.06.2021 classtools.net

  Latest Blog Posts

25.05.2021 by 0xrocky
Google XSS Game
25.05.2021 by ShivanshMalik12
Testing for XSS (Cross Site Scripting)
25.05.2021 by darklotuskdb
Easy XSS On Mostly Educational Websites Via Moodle
25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism

  Recent Recommendations

@Xupypr13     23 June, 2021
    Twitter Xupypr13:
Nagashree found a vulnerabilities on our web resource and acted ethically by reporting it to us, as well as providing the information we needed to reproduce the issue.

Thank you for pointing this out!
@darione90     19 June, 2021
    Twitter darione90:
Many thanks to garlet_marco for finding an XSS vulnerability on our website!
@RyanBoehm12     16 June, 2021
    Twitter RyanBoehm12:
Vighnesh Gupta was professional, considerate, and thorough in helping us resolve a security flaw on our website. He communicated with in a timely manner, and provided all necessary support to fix the issue. I highly recommend him.
@rus_cert     16 June, 2021
    Twitter rus_cert:
Thanks for informing us about the vulnerability and providing helpful details :-)
@Cyber91998806     16 June, 2021
    Twitter Cyber91998806:
He responded to my mails quickly and helped us how to fix the vulnerability in a professional way. I recommended this guy.