Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,765,168 coordinated disclosures
1,455,437 fixed vulnerabilities
2,072 bug bounty programs, 3,984 websites
54,921 researchers, 1,724 honor badges

ESM Participaes e Consultori Bug Bounty Program

ESM Participaes e Consultori runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of ESM Participaes e Consultori

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between ESM Participaes e Consultori and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

neoquimicaarena.com.br
*.neoquimicaarena.com.br

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

No general requirements

Testing Requirements:

No testing requirements

Possible Awards:

No possible awards

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 01.12.2024 192.com
 01.12.2024 cinmed.me
 01.12.2024 morrogrande.sc.gov.br
 01.12.2024 macieira.sc.gov.br
 01.12.2024 modelo.sc.gov.br
 01.12.2024 hervaldoeste.sc.gov.br
 01.12.2024 leobertoleal.sc.gov.br
 01.12.2024 luizalves.sc.gov.br
 01.12.2024 majorgercino.sc.gov.br

  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    25 November, 2024
    JoDesp:
Thanks for reporting the XSS problem and for the friendly and quick email contact.
    18 November, 2024
    danielvoigt01:
Dear Fatima0454,

Thank you very much for taking the time to report the XSS vulnerability on our not profit association's website. Your detailed report allowed us to quickly identify and resolve the issue. Thanks to your efforts, you've made not only our website but the web as a whole a little safer.

We truly appreciate your commitment to responsible disclosure and your contribution to improving online security. Please don’t hesitate to reach out again if you notice anything else or have further suggestions.

Best regards
Daniel
    18 November, 2024
    merlu:
Received a message via one of my customers about an XSS vulnerability found by SYPltd, after contacting the researcher I got a good report detailing the problem.

Communication was quick and professional. Thankfully we could swiftly fix this issue ourselves. Great thanks to you SYPltd for making us aware of the problem.
    4 November, 2024
    Prabu:
Thank you for your timely help with quick response.
    31 October, 2024
    mariohub:
Thank you for pointing us at a XSS vulnerability. We were able to fix it quickly with the information provided!