Chapatiz Bug Bounty Program

Chapatiz runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of Chapatiz listed below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Chapatiz and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

chapatiz.com

Non-Intrusive Submissions Handling

The following section covers submission of vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

=== DO NOT USE AUTOMATED SCANNERS ===

Always send a working proof of concept for any vulnerability you find.
If possible, include the CVSS score.

Testing Requirements:

Please do not speak in a public chat room in a language other than French, and respect the website moderating team.
You can create as many accounts as you wish, as long as you do not abuse the website rules with them.

You can create an account on the website to authenticate.

Possible Awards:

Max rewards for each type of vulnerability

High-risk vulnerability: 200€
Medium-risk vulnerability: 50€
Low-risk vulnerability: 20€

Other Submissions Handling

The website owner wants to receive information about other vulnerabilities.

Notifications:

Sent to email as per https://www.chapatiz.com/.well-known/security.txt

PGP Key:


General Requirements:

=== DO NOT USE AUTOMATED SCANNERS ===

Always send a working proof of concept for any vulnerability you find.
If possible, include the CVSS score.
Please do not use automated vulnerability scanners.

If you find a severe vulnerability, please do not extract user information, and test just enough to make a POC.

Testing Requirements:

=== DO NOT USE AUTOMATED SCANNERS ===

You can create an account on the website to authenticate.
Please do not speak in a public chat room in a language other than French, and please respect the website moderating team.
You can create as many accounts as you wish, as long as you do not abuse the website rules with them.

Possible Awards:

Max rewards for each type of vulnerability

Critical vulnerability: 500€
High-risk vulnerability: 250€
Medium-risk vulnerability: 100€
Low-risk vulnerability: 50€

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time: How quickly researchers get responses to their submissions.
Remediation Time: How quickly reported submissions are fixed.
Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
