OpenBugBounty.org > Bug Bounty List > Boros Bug Bounty Program

Boros Bug Bounty Program

Boros runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Boros

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Boros and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

*.gsmblog.com

*.officeshoescee.com

*.officeshoes.ws

*.officeshoes.cz

*.legend.rs

*.pokloni.com

*.officeshoes.hr

*.officeshoes.pl

*.officeshoes.ro

*.officeshoes.ba

*.officeshoes.me

*.officeshoesonline.sk

*.officeshoes.rs

*.officeshoes.hu

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

no special requirements.
if you find intrusive or data leak problem please contact me directly.

Automated scans, ddos or other intrusive behavior is not appreciated and will be reported.

Testing Requirements:

provide us with full test scenario how to reproduce the issue

Possible Awards:

For confirmed problems recommendation on your profile.
In **some cases**, site owners are ready to ship you one of the available articles from their site.

Special Notes:

First of all, I'm NOT the direct owner or developer of the mentioned sites. I just give technical support for them!

For some reason I can't see the screenshots (I have contacted OpenBugBounty support). Please use plain text fields where possible.

Links with Youtube video showing the problem are not appreciated by business owners. Researches using Youtube videos will be negatively reviewed. Business owners may take legal actions against published videos. This is completely not under my control and responsibility!

Thank you

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

Researcher's comments

28 July, 2020

nevermind:

hi i have submitted four vulnerabilties to one of your above domain ans its even patched. i have not yet received recommendation or hall of fame

3 March, 2020

lethal_raja:

Hi there,
I would like to report a vulnerability, not explicitly mentioned in "Non-Intrusive Submissions Handling".

Latest Patched

Recent Recommendations

23 March, 2023

soela_cs:

He's a reliable partner in finding and fixing some security issues on our website, and I'm happy to recommend working with him. Thanks for the collaboration!

22 March, 2023

TimFenner7:

On behalf of LeaseQuery, I wish to extend our gratitude to 4N_CURZE for reporting a vulnerability found on our website. 4N_CURZE was quick to respond and gladly provided all the information he could in order to help mitigate the risk. His efforts to make the internet a safer place is greatly appreciated!

17 March, 2023

pagecp31:

Huge thanks to Rajesh for pointing out an XSS vulnerability that affected several pages in the website I am developing on my free time. It is much appreciated and the report was very clear!

17 March, 2023

travelfish:

Thanks for finding the issuing, passing on your find, and the quick reply. Cheers!

15 March, 2023

MrMoney84315336:

Thank you for reporting the issues, good work.


Response Time How quickly researchers get responses to their submissions.
Remediation Time How quickly reported submissions are fixed.
Cooperation and Respect How fairly and respectfully researchers are being treated.