
SteamPrices Bug Bounty Program

SteamPrices runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of SteamPrices listed below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between SteamPrices and researchers.

The bug bounty program allows all submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

steamprices.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Feel free to test and submit any vulnerabilities as long as the attacker is not in control of the victim's browser; e.g. no Self-XSS.

I only reward reports for the domain www.steamprices.com (not for other subdomains).

Testing Requirements:

You might use any tool as long as you don't DoS the webserver. Try to keep it under 10 requests/minute.

Possible Awards:

Monetary reward for impactful XSS/XSRF vulnerabilities and for any SQL injection. I pay between €10 and €50 and only via PayPal.

The amount depends on the type of the attack and the possible long-term damage (e.g. information disclosure about a single user or all users).

Recommendation on your profile.

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

Please send any submissions that are outside the scope of OpenBugBounty to [email protected]

PGP Key:


General Requirements:

(see above)

Testing Requirements:

(see above)

Possible Awards:

(see above)

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

    11 June, 2019
    ssshah2131:
Quick response, quick patch and at a time bounty rewarded.
