Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
956,756 coordinated disclosures
601,539 fixed vulnerabilities
1,318 bug bounty programs, 2,629 websites
22,660 researchers, 1,302 honor badges

CreatorSphere Bug Bounty Program

CreatorSphere runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of CreatorSphere

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between CreatorSphere and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.creatorsphere.co

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

You can exploit the vulnerability for demonstration purpose, but this should not lead to service outages (DoS) as well as the manipulation or loss of data. The purpose of the demonstration should show the attack vector and should not cause any damage. Additionally any data you've stored must be deleted upon instruction by CreatorSphere's Team. You must not share your discovery with third parties until the disclosure period has lapsed and additional

Testing Requirements:

No specific requirements.

Possible Awards:

For critical vulnerabilities a cash prize may be provided for an undisclosed amount at the discretion of the company. In all other cases, as a thank you, credit and store credit will be provided.

Special Notes:

No specific notes.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

No specific requirements.

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: https://keybase.io/download
Version: Keybase Go 4.7.2 (windows)

xsFNBF3ELmABEACugQD2BFwjVkhP0RxrZCGPNqdFI70OAx3qWkpy8XfWbCJdFs6U
hz4zr0Dbto0OWd7ArOw+AZUUqqXXX/0VRuomiyBV32z6ICB4/ad3oB+zBvdk8f9O
fENQNgLjQaXazm3D+JvJTZk2O/M93vFimg5CvTjrj6iUrzgHKHldc0avbOiJ0Z7y
2MTyGvICPMAC2tKQ8ZvobzMjdgEN126kEGauwhH4kN1lwmbeN/L6W4hqUsqRZpnO
O1CLLjD73OV67NJ79fyvGwCdUomyxhOu21e7jWQgsEGnd9SARSInXGmW5gLx7WKT
G2WAX4eYOwAY2JNou2dIerD1/+AVQrROWszqU5sNKuXRD9v/CCdg0r+HRNHI7J+k
YIH/14Q79GL7kqzC+0NSCiyCzNhze4DpjIPWlqAs5BLgW7vtREpDBD+bmdUsWh2n
dJ6I6IUt8gA1jJgPC8z0oT/YVmcUJsI9rdxlvrhC/kOfqvVYii94V+tKPzs5ksC2
pxB1hm7FVgKgGjyii141+y5NzRvETfkRH2Cy2KfYtIrXFvh081Q/bWOwwuFnxVNn
093pF45xauith9t1Q1+Rm1VDWx3N/0jXkjBW9JIz6Fl79Yi15lFeseu9JW+64e+g
mOkngKf/naQvZ5VGUUGbzkHCEsyi/wNKhZTbUqmlqm2tPKy6+m2PQzJSWwARAQAB
zSRDb25ub3IgPGNvbm5vci5wd2lyZUBwcm90b25tYWlsLmNvbT7CwXgEEwEIACwF
Al3ELmAJEHt0WrFXPbGbAhsDBQkeEzgAAhkBBAsHCQMFFQgKAgMEFgABAgAA11gQ
AAsMCSVSinIQGWkT9muykE5pYwmMnGhzP/qHKuN8V3zJlayZ1JqXpwoGrLDbxTQO
r9CBRvBs3Ww6K7ArdggXPA67JurCU5qKsiNmmfqMp3H/r3N0IQ3oSd8ESTqANDac
QSmcltyYDIIpv8s7OQ0XMs6mOCB+F3l7QAThjVsRwH4pbX+I0PSlTzHDTbKo8qVd
JD0edRRceSQyrIlAMKxpyP+uJjjqnWEeCqYBur+zYxhhFG6hNOM3Pba6FLzF5Z8u
xqKsjqsydo74+5g8EHr0dxnAjAIFWf5oOYY8Tt3eNbCBOjEc2fnGJHEPaZ/5QP/2
HYkYnGPgfhmZKi8Z+YM/rhvKADs2TgwzWHrOiH7liT2maZIHy4tXMWzAPDSYlzh5
Y4Z3zrxKNvQTfucxPlniuZuRaNDc1rllOaIzSoc7KI6Qf0rs1CadEd5f6qkfFra3
xJ85POfZQTPpcWV2oYlCLwf7a4AwzHA2voo+mCbbxgv5S72U/Cdln8z76jjKFe6l
gfeRzEnoluR+7lPqfuF+HasgyvytLnjQjmbHflEyajhSCpuSYWCZZJswyXK5uqsx
fhocsCv3nX5ACw+5E7AHdZihIcRst2hHmozx8G+cgbPmVOZvtZPMFnKsTo1Oma+l
VASD6sLKiGu9I0e6SeWWpgyLBiqi2a9uxOA0xzsCS9mfzsFNBF3ELmABEAC8lsfo
6CoGdb/UKM0t9narxTqwOjsD3qacZZC0yeODHV7rYpZ43TcyHStBYAoMV20oyjvx
T5wJk01fNPWBT1aqoF/SQmU9r+GCF8X76tGMR0tz72eWjj16MkcGedGDy1bIsUg6
yO2X8dEvE4dapGUgvGmOQeivAhU59klyOrglLjBdf+Er51XVL+vNcRikGOjVeVS5
EXjghq15yMnMAEdriFe2uvu0wTIoH0xLBAqB9bve2G2QTx09hJ1UvxYDtS3X1fYx
0ZVQpxHfH8Tk23fxHZHYlf9nVsuCtDlc1+lJ9TcVceE8CWnSrR63e7ieQGSJVLpp
NXmdEHtIbOem4uCrEFhNmKbUsBNRGdMGDoE86fvmsTEJklGRUmxAlhtwtjiP0Bns
gz5p2vpaCQ863UZlKjHRjsmMAXAoQPktHTt5zZPWwIduKr8wQg89R7jnmyUVHYyb
Mzm3uOcFqUX21Ujctja1bOib0MXMMOqDtQM/eviTVxIlsQ3sqJiXL/e6sfICf2OY
C1yLUEiGeSu5OXpJ96UTo3aQONbfa8XJa55qB9lhufS6XVka58qNUxawpVsrx4Ie
brPSedRK1yw0J7DO7itDZRIu/KFJdG7wRIRgmKWuhz8MSROLtirw+9S8cJ2q0i9Y
QF0ZKaB1PdD3EejsczLLXHe87nwA/s6kBojS4wARAQABwsF1BBgBCAApBQJdxC5g
CRB7dFqxVz2xmwIbDAUJHhM4AAQLBwkDBRUICgIDBBYAAQIAADo1EABddjHehZxy
2fr1JzqNSgO91I5mGT/ydtNWcFdR2+QMETGml98nu1nS+pVk2/Nfn79JCwfiPqkr
HEHrlY+j1UxaAc/jpUVtCfprgvAcUfZubl/AbV0MJAJfyN1QlDX94TtjUlTx1Uih
7MhwGE3sCo6A1jdfthBgHHPEHYdzoLn2gc7nkewsbfrk4ZYzLqrLg/XZcUZ+UWDa
fbnlXkjZdxvFKlYVK3cT4/Qp4/xI50BOl4tW9MMUwTvPmZSzoGR7cziAtXOYUnVq
EXczORDmKK7O92IGmYj03bDmFwubfeDmZNrwZSqXsi2rxtA6aSO1LWlCAvG339jZ
ob9hwgrfpBE2rrZESuvbdqx5l0k9Gif850diSrb+Q314ICiEN4fVvGS3oSWqLxuA
iHcWrzzJIQrmfKnrAa3nepa+6E/upfSFJd3JVicva+A14aG7gX86tQg0N4eLNm/M
OJ70qt5eiwjCY10thp8sqhB9dPdHLYJLuG6miXbop8FORagUIdjoQunlviN3LJiz
+KCAlKb0AD8iZIvK3V+t+xP6dQBHI7jtUQnD9hl0vVEAde0TySoYB2/KWdP8HhPG
IvRQ9DfybXiIyNl9/zePThSCfe9xD8GrLdkXJ1SeDc74vp+E+jECCBato+qoCr/c
kWLnDhIKHiaCjyUv5PHv9A0wqympJbCgYg==
=1w9u
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

No specific requirements.

Testing Requirements:

No specific requirements.

Possible Awards:

For critical vulnerabilities a cash prize may be provided for an undisclosed amount at the discretion of the company. In all other cases, as a thank you, credit and store credit will be provided.

Special Notes:

No specific notes.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 07.05.2021 baliza.go.gov.br
 07.05.2021 pequizeiro.to.gov.br
 07.05.2021 castanheiras.ro.gov.br
 07.05.2021 huji.ac.il
 07.05.2021 www6.caixa.gov.br
 07.05.2021 nasatheme.com
 07.05.2021 itaipulandia.pr.gov.br
 07.05.2021 detran.rr.gov.br

  Latest Blog Posts

25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism
28.03.2021 by febin_rev
Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892
10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard

  Recent Recommendations

@obb20210429     6 May, 2021
    Twitter obb20210429:
Thanks for a quick and useful report that helped us find and resolve the issue.
@MrGviana     6 May, 2021
    Twitter MrGviana:
Ricardo, thank you for reporting vulnerabilities and helping me to solve them.
@aguiar_security     6 May, 2021
    Twitter aguiar_security:
Hey Ricardo, thanks for helping us :)
@aguiar_security     6 May, 2021
    Twitter aguiar_security:
Hey Ricardo, thanks for helping us :)
@_Kkommi     6 May, 2021
    Twitter _Kkommi:
Thank you for letting us know about the issue and helping to make the web a safer place