Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

Platform update: please use our new authentication mechanism to securely use the Open Bug Bounty Platform.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,709,227 coordinated disclosures
1,357,596 fixed vulnerabilities
1,980 bug bounty programs, 3,897 websites
46,091 researchers, 1,643 honor badges

iol Bug Bounty Program

iol runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of iol

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between iol and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.islamonline.net

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Examples of Qualifying Vulnerabilities
Authentication flaws
Privilege Escalation
Circumvention of our Platform/Privacy permissions model
Clickjacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Server-side code execution
sql injection

Testing Requirements:

Authentication flaws
Privilege Escalation
Circumvention of our Platform/Privacy permissions model
Clickjacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Server-side code execution
sql injection

Possible Awards:

No possible awards

Special Notes:

any Vulnerabilities send to my email [email protected]

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

[email protected]

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Mailvelope v2.2.2
Comment: https://www.mailvelope.com

xsFNBFs9r9cBEAC2+NgH8uT6LfZXzlK0k29wDjmb6QlJK55E2BxevrHAQG6J
muusVtIsUoEmJzGL61I8sD/fspjlzfkjDcEoTFz9hs2R17hNUYAMXtEaYimZ
nRYkXIk6Tm6GkerQzoIiLoOf7UDGHE8EjTuaDvMqPsuuQojUuSbLyT/fYlec
Bb3h4NhZdr6/S7PvxzcNjKncISR/EXqkcRlrnx5IDdTGGgf9ZLWnkZ1C9Eab
4eOA5JmIVt6trLS642+OMxJmNDo5p51bSZD+2ciIBDT2xbKD7lKFV+Im9JVw
f90akZgwfnZCkgdTdaxuC3HgLwboH00jtPBnVDVdlYifPms7vthalSvuspak
4DcKzvVPFCz4SQxZSjA8NLpZUnbNRD7E7d/YTuv6DBbnwCsd1SxwASDQSHAU
fe8aLY8TRpeQDzR2SA4P7rB58wymf+mvQLVFuLAXEqw4E3aXFhjdSGO8hLH9
ugl/0JTAfs+LqyLwBaQeLRmIDWOWdBsgNDyr3FhbfBE2k6r+Q6dBnPDLnp4Z
SeHKe6eGlRqZjdteUFl25w3cwR4ZOoRIowrHaI7aKuxjv7Ux57gpsPbF4REE
IhQuvR6BKaAyRu1zwfdlUVGih1p/iDoBFs8a5peSVXcQmqrSGVTLFjuWVDG8
dS3nTtjl5R5yYqHCQnZV7bOLVHA6bpfpb8BIZQARAQABzSZhc2hyYWYgc2hl
cmlmIDxlbmcuYXNocmFmMTVAZ21haWwuY29tPsLBdQQQAQgAKQUCWz2v2wYL
CQcIAwIJEPZP6hJRRKr7BBUICgIDFgIBAhkBAhsDAh4BAAA1dxAAs1E0GzP9
faqhgerhYAIKMAp+8rR0EWrFOX0MuOB88CtD6Glng0Ri3w33BZibQfCBOAbc
WQjeKGnlzgvsmqZIrYoj1RPjHL1eOe5bxsU+I3d8RUmOTN4MsoeUg2jkmKAs
J+6PbvEQb2WxdB9UQKu2/WpZJre+3QwB3FGSg3W2YF4eGEn+GYjLh97H0dQM
4jyRU1K0021YZXVkvHr/ygK6v/WAYssIYkSQ5m47Dz3jV2OIjEQ9MV/fhmGr
jq9QcgEymp0Znzm9uAPhcE04U13KU/aNrB8eqcyFz9MwT5tPflVsiyW+rg1x
6wB95R2bGmf27kUD2taOv62TdDnFG8UEGG4LF4wBE6+CiG4//J0sPFL+v5+V
Ug2wHY9hJHSTdJ8M+T+i7kp3N9w4gfqOze1c6CMaozQ5RI6PHEagh7hlQco1
+Om6y+j1Tbe0WaP/XvVPDH2VojcJlNdJn3qpgZZITL+25dVU1tCvjpqz4Dt7
Are87bSaBYZ19FliwxFnTyvVnAhC2dbRbBN5xYO1wkJs+lDSRebcqRcjAAtt
XULTG1yuXtEmtgpg44ZVUiYPTBnzd31vv7kJtU1LxTUdhjzSRbH5QhvpfEm6
RVMTvIgqhFbNCvsbuOTbY/fAbb+gGwljFIDh45YEcY4jYd2WtxQRR5ZxhlfF
W+A+TitjxQPXTL/OwU0EWz2v1wEQALQ7jrMr9pj13NXNdO+7Pyf7KXJeN4YA
4hRkAVAvjBJD81x0T2uOge4LYAIAwwjPYoadUB4LY3Emaocy7s4fgcH9ALAC
cpoXiWE9rXKi7PGcigVhPQF1etYVNlvfQiCXzvgYRTBJoyTd7578SoSNx7BC
vZargcK4vRLssgvrw5zqQR7JrKBOdX1ukWCW2casWtRie7qLSmyxEYaxi8qt
toevoKJwrM9hFg/LXvBRUvEVxQ/DMQY7vfqFpRna2BwAsG1uGdUwBfdAqJ04
IkmO2sEzty9eVLPx+0cxc/tUAEL2SYn4iJSA2Ql1kMZJ8Iyoy+87d2IS4DNQ
z9U9RsKqgjmqXqw4CJkqNBBj00GMIR+/UAL6Vidxa2gbaEzPFWNuxtl0Y2Md
+Y7I/b6YxLZZ7aLl0+nhEXLbWRhDqbuuExY8VWD7dYsrObEE42tmtxWl8Yxp
oLdmLDZVBElUFxOMKTAuA3wEMGw1eeeYADHpL/I2OOSS2Y/7H+hHlY5JeDXT
xkBwjnC3cAQ3G5gS/kidmKumGb1EnphckH3eyLs78CWqgF8WR0UckgnPKkgE
SkAf4ot5Xzf8YZm0/z1HVxS12SGsV7V173QG+9TuWOV48b/kwC7zYUAZat/z
i5ii4lBFzQerAXOhQRuf76R2UbCC4IDqs8qshBYdWVcCedX2NX9RABEBAAHC
wV8EGAEIABMFAls9r9wJEPZP6hJRRKr7AhsMAAAJUBAAskuzEJsT3/UPp145
fE6IQxWatoeQRUUR7uLRRCFR1XFf4zKY7/MiNo6m+Pn2tN9/vHG6xhAYfmmt
ePqYTPwP2SxvtCz1CvDvZj8KCi1Z5k6x4tY9lmosLRj1w10VdizKj5ckA2TQ
MN5ja7GDUr6kPpHNldDcTguIVyw/OnELEPWAQVEfAeGJoazz9x7nBgI+373W
wT13P9RMK1l//bcohJPQCn+EqQcAWGqbRKjOBFPLkqTXKTOeeJV+wQt74L8Q
r63ryDmsw+A12yQH1p8C2iDeJF15nbvkHH4nhuHDyWKQg1OO59g385Bhm9OD
Yit4IWP0hqAaYfW0PUQJTCzeQKMh7dTZt9vFmk6RfCTOK2YwMr6n9E+LgAuk
4KMh0cjH/cVD7p+NmnWdtFZDPhYFkQVXQ0iMY+FfnbSQ+PJdUKqK5pBppAKk
OzOIz/0Jtrb7iiYROhjSljdH5OeYxN5jqwOJW8KJgk7gg7VKStg2RxZiqKZf
7SWcDNG9xukU7Wvcf/B0J/KyNTEPJWunrwxuqVGcS+wmN4kV9lx+8vAU8ij5
RSsC4kuzXsWYFXkxDqHtfzdVLzLl0+OD47qz+ZFP4/9LoCYlsqnhJCXk0Tu9
9aHdqYlM6sTmKs5+1FZ/JXGQhqJOkkvgQtcuAhCA8m2bkwqpm6wESwdPNbgj
9cZ7RNk=
=MIdi
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

Authentication flaws
Privilege Escalation
Circumvention of our Platform/Privacy permissions model
Clickjacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Server-side code execution

Testing Requirements:

find any bugs
Authentication flaws
Privilege Escalation
Circumvention of our Platform/Privacy permissions model
Clickjacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Server-side code execution

sql injection

Possible Awards:

20 $ hof and i

Special Notes:

contact me please

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 28.03.2024 jarchi.me
 28.03.2024 auctionbidding.fcc.gov
 28.03.2024 moodle.wns.gov.il
 28.03.2024 th.adi.gov.il
 28.03.2024 montague-ma.gov
 28.03.2024 aparecida.sp.gov.br
 27.03.2024 nccupress.nccu.edu.tw
 26.03.2024 schedule.cc.nih.gov
 26.03.2024 floraargentina.edu.ar

  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    20 March, 2024
    TechVitaverdura:
Great exchanges with this person, thank you for your help and your report
    20 March, 2024
    Mek:
He reported some vulnerabilities and oversights of security best practices on my small private project web page.
Was responsive to e-mail, unlike many other people, so yes, I can recommend him.
    20 March, 2024
    ztwo79:
We would like to thank Pooja for responsibly disclosing a Cross-Site Scripting (XSS) vulnerability in our website. Her prompt reporting and assistance in developing a fix were instrumental in ensuring the security of our users.
    16 March, 2024
    TorutheRedFox:
Thanks for the help with the XSS vulnerability. It was a quick fix.
    15 March, 2024
    adesignguy:
Reported an XSS vulnerability which was helpful and much appreciated. I have patched it now as soon as I saw the email which was forwarded onto me!