Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
827,780 coordinated disclosures
466,696 fixed vulnerabilities
1275 bug bounties with 2,433 websites
21,687 researchers, 1280 honor badges

pfz Bug Bounty Program

pfz runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of pfz

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between pfz and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

No verified websites yet

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Please report any vulnerabilities found following the “non intrusive” principles of Open Bug Bounty.

Be patient, and use clear language about technical details when you submit to this bug bounty, including information needed to replicate and test the vulnerability.

Avoid false security alerts, show us real threats, and demonstrate how serious it is without impacting negatively on the performance.

The researcher must not publish or share the vulnerability information with third parties.

Testing Requirements:

Do not use any solution that could harm a shared hosting environment.

Possible Awards:

as a web developer, I cannot speak for my clients. Special thanks will be submitted to a specific page providing all the licensing related matters.
Also websites above are currently under heavy migration.
You may report bugs on area that are under decommissioning. We are thankful though, but we do not have the resources to fix unless absolutely necessary this part, along with the migration development tasks.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 04.03.2021 obozrevatel.com
 04.03.2021 jobth.com
 04.03.2021 tcyonline.com
 03.03.2021 klear.com
 03.03.2021 haraj.ws
 03.03.2021 mylibmusic.me
 03.03.2021 statscrop.com
 02.03.2021 deltadentalins.com
 02.03.2021 uscutter.com
 02.03.2021 skoob.com.br

  Latest Blog Posts

10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard
25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads

  Recent Recommendations

@_lhordd     3 March, 2021
    Twitter _lhordd:
Thanks for helping me with the flaws in my site. The best work i’ve ever seen.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks for reporting xss in my site.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities.
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities