
SteamPrices Bug Bounty Program

SteamPrices runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of SteamPrices.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between SteamPrices and researchers.

The bug bounty program allows all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

steamprices.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Feel free to test and submit any vulnerabilities as long as the attacker is not in control of the victim's browser; e.g. no Self-XSS.

I only reward reports for the domain www.steamprices.com (not for other subdomains).

Testing Requirements:

You might use any tool as long as you don't DoS the webserver. Try to keep it under 10 requests/minute.

Possible Awards:

Monetary reward for impactful XSS/XSRF vulnerabilities and for any SQL injection. I pay between €10 and €50 and only via PayPal.

The amount depends on the type of the attack and the possible long-term damage (e.g. information disclosure about a single user or all users).

Recommendation on your profile.

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

Please send any submissions that are outside the scope of OpenBugBounty to [email protected]

PGP Key:


General Requirements:

(see above)

Testing Requirements:

(see above)

Possible Awards:

(see above)

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

    11 June, 2019
    ssshah2131:
Quick response, quick patch and at a time bounty rewarded.
