Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

Platform update: please use our new authentication mechanism to securely use the Open Bug Bounty Platform.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
 1,702,924 coordinated disclosures
1,382,530 fixed vulnerabilities
1,989 bug bounty programs, 3,917 websites
46,827 researchers, 1,651 honor badges

OpenBugBounty.org > Bug Bounty List > CreatorSphere Bug Bounty Program

CreatorSphere Bug Bounty Program

CreatorSphere runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of CreatorSphere

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between CreatorSphere and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

creatorsphere.co
*.creatorsphere.co

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

You can exploit the vulnerability for demonstration purpose, but this should not lead to service outages (DoS) as well as the manipulation or loss of data. The purpose of the demonstration should show the attack vector and should not cause any damage. Additionally any data you've stored must be deleted upon instruction by CreatorSphere's Team. You must not share your discovery with third parties until the disclosure period has lapsed and additional

Testing Requirements:

No specific requirements.

Possible Awards:

For critical vulnerabilities a cash prize may be provided for an undisclosed amount at the discretion of the company. In all other cases, as a thank you, credit and store credit will be provided.

Special Notes:

No bounties are accepted unless submitted through the OpenBugBounty program.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

No specific requirements.

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: https://keybase.io/download
Version: Keybase Go 4.7.2 (windows)

xsFNBF3ELmABEACugQD2BFwjVkhP0RxrZCGPNqdFI70OAx3qWkpy8XfWbCJdFs6U
hz4zr0Dbto0OWd7ArOw+AZUUqqXXX/0VRuomiyBV32z6ICB4/ad3oB+zBvdk8f9O
fENQNgLjQaXazm3D+JvJTZk2O/M93vFimg5CvTjrj6iUrzgHKHldc0avbOiJ0Z7y
2MTyGvICPMAC2tKQ8ZvobzMjdgEN126kEGauwhH4kN1lwmbeN/L6W4hqUsqRZpnO
O1CLLjD73OV67NJ79fyvGwCdUomyxhOu21e7jWQgsEGnd9SARSInXGmW5gLx7WKT
G2WAX4eYOwAY2JNou2dIerD1/+AVQrROWszqU5sNKuXRD9v/CCdg0r+HRNHI7J+k
YIH/14Q79GL7kqzC+0NSCiyCzNhze4DpjIPWlqAs5BLgW7vtREpDBD+bmdUsWh2n
dJ6I6IUt8gA1jJgPC8z0oT/YVmcUJsI9rdxlvrhC/kOfqvVYii94V+tKPzs5ksC2
pxB1hm7FVgKgGjyii141+y5NzRvETfkRH2Cy2KfYtIrXFvh081Q/bWOwwuFnxVNn
093pF45xauith9t1Q1+Rm1VDWx3N/0jXkjBW9JIz6Fl79Yi15lFeseu9JW+64e+g
mOkngKf/naQvZ5VGUUGbzkHCEsyi/wNKhZTbUqmlqm2tPKy6+m2PQzJSWwARAQAB
zSRDb25ub3IgPGNvbm5vci5wd2lyZUBwcm90b25tYWlsLmNvbT7CwXgEEwEIACwF
Al3ELmAJEHt0WrFXPbGbAhsDBQkeEzgAAhkBBAsHCQMFFQgKAgMEFgABAgAA11gQ
AAsMCSVSinIQGWkT9muykE5pYwmMnGhzP/qHKuN8V3zJlayZ1JqXpwoGrLDbxTQO
r9CBRvBs3Ww6K7ArdggXPA67JurCU5qKsiNmmfqMp3H/r3N0IQ3oSd8ESTqANDac
QSmcltyYDIIpv8s7OQ0XMs6mOCB+F3l7QAThjVsRwH4pbX+I0PSlTzHDTbKo8qVd
JD0edRRceSQyrIlAMKxpyP+uJjjqnWEeCqYBur+zYxhhFG6hNOM3Pba6FLzF5Z8u
xqKsjqsydo74+5g8EHr0dxnAjAIFWf5oOYY8Tt3eNbCBOjEc2fnGJHEPaZ/5QP/2
HYkYnGPgfhmZKi8Z+YM/rhvKADs2TgwzWHrOiH7liT2maZIHy4tXMWzAPDSYlzh5
Y4Z3zrxKNvQTfucxPlniuZuRaNDc1rllOaIzSoc7KI6Qf0rs1CadEd5f6qkfFra3
xJ85POfZQTPpcWV2oYlCLwf7a4AwzHA2voo+mCbbxgv5S72U/Cdln8z76jjKFe6l
gfeRzEnoluR+7lPqfuF+HasgyvytLnjQjmbHflEyajhSCpuSYWCZZJswyXK5uqsx
fhocsCv3nX5ACw+5E7AHdZihIcRst2hHmozx8G+cgbPmVOZvtZPMFnKsTo1Oma+l
VASD6sLKiGu9I0e6SeWWpgyLBiqi2a9uxOA0xzsCS9mfzsFNBF3ELmABEAC8lsfo
6CoGdb/UKM0t9narxTqwOjsD3qacZZC0yeODHV7rYpZ43TcyHStBYAoMV20oyjvx
T5wJk01fNPWBT1aqoF/SQmU9r+GCF8X76tGMR0tz72eWjj16MkcGedGDy1bIsUg6
yO2X8dEvE4dapGUgvGmOQeivAhU59klyOrglLjBdf+Er51XVL+vNcRikGOjVeVS5
EXjghq15yMnMAEdriFe2uvu0wTIoH0xLBAqB9bve2G2QTx09hJ1UvxYDtS3X1fYx
0ZVQpxHfH8Tk23fxHZHYlf9nVsuCtDlc1+lJ9TcVceE8CWnSrR63e7ieQGSJVLpp
NXmdEHtIbOem4uCrEFhNmKbUsBNRGdMGDoE86fvmsTEJklGRUmxAlhtwtjiP0Bns
gz5p2vpaCQ863UZlKjHRjsmMAXAoQPktHTt5zZPWwIduKr8wQg89R7jnmyUVHYyb
Mzm3uOcFqUX21Ujctja1bOib0MXMMOqDtQM/eviTVxIlsQ3sqJiXL/e6sfICf2OY
C1yLUEiGeSu5OXpJ96UTo3aQONbfa8XJa55qB9lhufS6XVka58qNUxawpVsrx4Ie
brPSedRK1yw0J7DO7itDZRIu/KFJdG7wRIRgmKWuhz8MSROLtirw+9S8cJ2q0i9Y
QF0ZKaB1PdD3EejsczLLXHe87nwA/s6kBojS4wARAQABwsF1BBgBCAApBQJdxC5g
CRB7dFqxVz2xmwIbDAUJHhM4AAQLBwkDBRUICgIDBBYAAQIAADo1EABddjHehZxy
2fr1JzqNSgO91I5mGT/ydtNWcFdR2+QMETGml98nu1nS+pVk2/Nfn79JCwfiPqkr
HEHrlY+j1UxaAc/jpUVtCfprgvAcUfZubl/AbV0MJAJfyN1QlDX94TtjUlTx1Uih
7MhwGE3sCo6A1jdfthBgHHPEHYdzoLn2gc7nkewsbfrk4ZYzLqrLg/XZcUZ+UWDa
fbnlXkjZdxvFKlYVK3cT4/Qp4/xI50BOl4tW9MMUwTvPmZSzoGR7cziAtXOYUnVq
EXczORDmKK7O92IGmYj03bDmFwubfeDmZNrwZSqXsi2rxtA6aSO1LWlCAvG339jZ
ob9hwgrfpBE2rrZESuvbdqx5l0k9Gif850diSrb+Q314ICiEN4fVvGS3oSWqLxuA
iHcWrzzJIQrmfKnrAa3nepa+6E/upfSFJd3JVicva+A14aG7gX86tQg0N4eLNm/M
OJ70qt5eiwjCY10thp8sqhB9dPdHLYJLuG6miXbop8FORagUIdjoQunlviN3LJiz
+KCAlKb0AD8iZIvK3V+t+xP6dQBHI7jtUQnD9hl0vVEAde0TySoYB2/KWdP8HhPG
IvRQ9DfybXiIyNl9/zePThSCfe9xD8GrLdkXJ1SeDc74vp+E+jECCBato+qoCr/c
kWLnDhIKHiaCjyUv5PHv9A0wqympJbCgYg==
=1w9u
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

No specific requirements.

Testing Requirements:

No specific requirements.

Possible Awards:

For critical vulnerabilities a cash prize may be provided for an undisclosed amount at the discretion of the company. In all other cases, as a thank you, credit and store credit will be provided.

Special Notes:

No bounties are accepted unless submitted through the OpenBugBounty program.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

Velocity007     9 July, 2021
    Velocity007:
Submitted two critical reports, till date no response received. Another company who wants free bugs. Don't waste time on this program.

  Latest Patched

 19.04.2024 mlsi.gov.cy
 19.04.2024 biblioteca.m...erere.edu.ec
 18.04.2024 recycleright.sa.gov.au
 17.04.2024 maps.bolton.gov.uk
 16.04.2024 fishwatch.gov
 16.04.2024 renewableenergy.gov.bd
 15.04.2024 iowaattorneygeneral.gov
 14.04.2024 camaracastel...co.sc.gov.br
 13.04.2024 lit.am
 13.04.2024 overnewton.vic.edu.au

  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    10 April, 2024
    Mars:
Hatim uncovered a XSS bug that we were able to quickly resolve. Thanks very much for your assistance and help.
    8 April, 2024
    Panthermedia:
Thanks to the support of Hatim Chabik, we were able to identify and solve an XSS bug.
    5 April, 2024
    pubpharm:
Pooja found a XSS vulnerability on our website and provided us with the needed Information for replication and fixing the issue. Which she verified afterwards.
We thank her for the reporting and assistance.
    2 April, 2024
    genoverband:
Thank you for your invaluable help in ensuring the security of our domain and its visitors!
    20 March, 2024
    TechVitaverdura:
Great exchanges with this person, thank you for your help and your report
Making Web a Safer Place
Coordinated & Responsible Disclosure
Based on ISO 29147 Guidelines

2023 © OpenBugBounty
  • Follow us