
SteamPrices Bug Bounty Program

SteamPrices runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of SteamPrices listed below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between SteamPrices and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

steamprices.com

Non-Intrusive Submissions Handling

The following section covers submissions of vulnerabilities that do not require intrusive testing, as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Feel free to test and submit any vulnerabilities as long as the attacker is not in control of the victim's browser; e.g. no Self-XSS.

I only reward reports for the domain www.steamprices.com (not for other subdomains).

Testing Requirements:

You might use any tool as long as you don't DoS the webserver. Try to keep it under 10 requests/minute.

Possible Awards:

Monetary reward for impactful XSS/XSRF vulnerabilities and for any SQL injection. I pay between €10 and €50 and only via PayPal.

The amount depends on the type of the attack and the possible long-term damage (e.g. information disclosure about a single user or all users).

Recommendation on your profile.

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

Please send any submissions that are outside the scope of OpenBugBounty to [email protected]

PGP Key:


General Requirements:

(see above)

Testing Requirements:

(see above)

Possible Awards:

(see above)

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

    11 June, 2019
    ssshah2131:
Quick response, quick patch and at a time bounty rewarded.
