Infosec Institute

Open Bug Bounty mentioned in the
Top 6 Bug Bounty programs of
2022 by the InfoSec Institute

The Hacker News

Open Bug Bounty named among the
Top 5 Bug Bounty programs of 2021
by The Hacker News

Platform update: please use our new authentication mechanism to securely use the Open Bug Bounty Platform.
For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
 1,704,749 coordinated disclosures
1,383,436 fixed vulnerabilities
1,991 bug bounty programs, 3,919 websites
47,068 researchers, 1,651 honor badges

OpenBugBounty.org > Bug Bounty List > Cimarron Outdoors Non-Profit Bug Bounty Program

Cimarron Outdoors Non-Profit Bug Bounty Program

Cimarron Outdoors Non-Profit runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Cimarron Outdoors Non-Profit

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Cimarron Outdoors Non-Profit and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

cimarronoutdoors.org

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Proof of vulnerabilities on our site and notes on how to recreate them. Suggested remedies would be great.

Testing Requirements:

There are no restrictions, just don't break our site please.

Possible Awards:

As we are a non-profit we will check with the board on gathering together a monetary donation as thanks for the help notifying vulnerabilities.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

Please send them to [email protected]

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAz/hABEADGSoDL6vCKt/ipgB79xR8WS2EGpxGgA4jP18zq3O6rQmkg2Ytx
dJerqb/j5XHlpnDwRI+HD9wQfdaYeS1mfVQMUUWs8Lib6FMIVcMljmrXa5anrqaq
jTAxRlutyL1wy6SO1u/dS1F3qXvQR07JLWL+y5ASpNkZ4kBcZF4Lc4CGp4lE3Lw2
k0si4QpPEgiYujEYpcDk3vyvvDQPElrfXDv9MJKJPnGEut7xxeAnJZchoni4Vnfk
zK2v+ueUhfWtzjfaR7v3igl0IbDA4lZoPqJO1WVAnAUdAGHGLrUEnOjcZhmv2hwa
flRVsGE6eg1Np1KQ0UfQqqHQblVpVK42qvE7iuTfsAK7Nh18dbyAcUZBJ82hEISW
uiyzN5154+JZrdh5HUfhSOj3ty6UHqTONRdMAxpfG2CtPk0avGMgBpa1+I82Un4b
BHSiLlRhpbEWBhDVo2Vy7TRzUAsprdC6n1FTDBC5OR1xVfLRxNIPhhzAx4t56HHg
A6Ad7WeWTZL97bss8DcK2n/YPDC67DkrgCaKgUVFGCr+qa3aAKByIsBh2LN45Amz
54LOjieqgijRSnT4ka2O7EA12KzehTTNIxjPO+1XabSWMu3bxsh5Unszt24DD+3y
L7fA2rcz55ZHrPQICUYjWArXYmRqtp7BJKeFxHRaubka8f7c6uEgLViriQARAQAB
tDJDaW1hcnJvbiBPdXRkb29ycyA8ZG9uYXRpb25zQGNpbWFycm9ub3V0ZG9vcnMu
b3JnPokCTgQTAQgAOBYhBHrReMBxdO4wnfc8KBvxrAV7/sOGBQJgM/4QAhsDBQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBvxrAV7/sOGkdEP/jVxlQEr54JePPyL
TSAknJHqhuPdQcNbcwwE/K9cFEKhsFn9JNfo1YrmPtyN1ABEvp8mq2512ejOXXlA
JpVIX1Who3VXLsX/a3HDyAyADpeTsiMT1qXnj3ZEFOLaG6tDiVYkRq0v9fcdMh9r
6HI+6h5WhOkEquP0VY8fkq9cH6CSyzQKN8/VvS5pIQuvAa55C1Dfg5yTJWnDRHUq
Ghe8YlVuMd4uymfs6eyqNPgSmSka5HbxLCKWdToXLx2iW2yi518uQTxJPfRy8iDi
eAXZCZWrZGd1dv2SGa61fPESkG9Bcpes9tlY4hEhD1ifuSnQwLnAC2a2cqWKhRha
4FERgaAYkiCoaPta2kpRTq/7P2XFnglpOiAjsY4yeX9IB7P8REYsGFq9PxaCDbxC
YrxdZf6S6qS+/x/W/7yW3+FOW1zz70D34eeHmq6EThoN0EIhzzSo8i5yRwK5YyRt
6colGHwTlOHUYimokpt3YnbfBagVSqXH7B47i9ukY/gRiMNN3ZUu3c5uj/JBFQQz
ZMsnvVC9wmlm7BWwvaxn0uJ5Lf5axus4t7rni93BA6ugNJUcgQfGtbcmfanLIuCd
YpW5YikByUZ4T5Bz0RcO+7q3FM4Fp6XOlAVTBx2cc/UuEGEu9Ys1sWhPW3pVwhOw
uKQLnhAqf3mbA6KOO67I53WrW0tWuQINBGAz/hABEADHW79yXA07E3Mgza8v5PZy
ngU0lq8/MSXyOytYA8DgN7wZLciZZ4WcvVjIs1Pk+MvKJXjHr8MMR1vMnzssW+dK
ubhCE6a/fhLDQcZ5ENu//oQcuL7Q6UZ1zFUQUPlIDa2f3Oizl2p6v9vDzdbJ4hZH
lDG2fCo4BTQdYgax9FE/kR1iwkdV6/Mz5TKTT32UIog3jWpdmFR7R1f0ajChcPsy
xCSod5Yo96gkyPe2HG04o+DsP9VPnZgH8hYkL+6qFYtGBLW8n71qPhaWGc3MorKX
zEpv7EG/iDkvVqwCTwRqaaQMZv5Trv/KqgECNQX5oqyqvEvbS5/ZijVG0hoaLHC+
RYOeVGMAd/3bTdOhFPGUmrV1LFL7M8qzTuIHrkCkq2gbxLDCxBPPfljs5MBRNnhD
7LR/AcPrx+1vJyJehgIpl1z2BEjTcm4zvvzvhGmyqRWu6NxF+JZULqGABvos6v6Y
okOvshBFjGkffRTA6ucxK459SW5wu/bKRW1FfbOjrq8aAYyQgf7s1n7cbD8BEREg
exuB00aKPuYKaKSHWJYyW/8Gd8oaDHa6CS/tQWccAbBNXqtEsXiMzKBUHQgwbZZR
qOkeG1bIJf7Mf9gSWVDwC+vC+pZtIcUgfs/PLIhFL9iarf2tzfYzZLQZ0o2++dNJ
ZZ8auns0LpyX2OfsU4D4EwARAQABiQI2BBgBCAAgFiEEetF4wHF07jCd9zwoG/Gs
BXv+w4YFAmAz/hACGwwACgkQG/GsBXv+w4bpoxAAuF4QC0g+1dlmWCTc7LViO81Q
e3TTadSsCdT6ALIfiQDIY4+FF4ydngNikB4D2T7todfdEf/rH6DLnAjMDfiuk+Ge
25McucABeKu7B02eGWh30eXUf2Z+T/ejykZVxUEry5v9kLzz7c1dj7IYcYdulwzc
5v9PxsFHF72f+oIhPFAdLR+Sup9lflTn9I2JQCVdVkxsUpaT008pPHDIyMHjjAbn
ikF/+Z/OKSe1NolwvHuZgRSKmrFl8aUTrYuTGq5vbBH6L/wRqTSqOWLPdAfq12GO
VJzGqrj4NfBwpxOT7mHK7qjVCqcokV3WNdlegrcDK3UVH33mWaFTRbsBcj4fHCrt
imMxEv+xWrhrBDTL3Q8h5zk1yo81XDMttQ4Wbu7VvyoynQdwd17NJ6xTldNtjmTN
7spk/HdH/Z52XOgrwI0Z5/KpJf0Ka/LIHGIsGR50Nn+dZNfQdrAJE02EKAF7//3z
EaQGuznxszyfcwZ26FqQkkRk+CDSUZObchLtr1wibGImInIavNch1fMAFRsmpZ7n
QIzdT47HvdpUkAfCura651XXFhycrw5YmGSBsd9+TiW/5Egy9nbuCg+X+G96TIn6
IzHZy5HXx8wUi4yR0pAxJEmADsmugOx8t8uXIjgDTLYNoCxGWEiPjNbARFEYVGs+
6QnCOLBwAhwVp7Dh6/w=
=JcNA
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

Proof of vulnerabilities on our site and notes on how to recreate them. Suggested remedies would be great.

Testing Requirements:

There are no restrictions, just don't break our site please.

Possible Awards:

As we are a non-profit we will check with the board on gathering together a monetary donation as thanks for the help notifying vulnerabilities.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 26.04.2024 news.gov.mb.ca
 26.04.2024 mdanderson.org
 25.04.2024 seeu.edu.mk
 25.04.2024 xaxim.sc.gov.br
 25.04.2024 lacerdopolis.sc.gov.br
 24.04.2024 tap.mk.gov.lv
 23.04.2024 data.aad.gov.au
 23.04.2024 bitporno.to
 23.04.2024 sys01.lib.hkbu.edu.hk
 23.04.2024 srvm.gov.za

  Latest Blog Posts

04.12.2023 by BAx99x
Unmasking the Power of Cross-Site Scripting (XSS): Types, Exploitation, Detection, and Tools
04.12.2023 by a13h1_
$1120: ATO Bug in Twitter’s
04.12.2023 by ClumsyLulz
How I found a Zero Day in W3 Schools
04.12.2023 by 24bkdoor
Hack the Web like a Pirate: Identifying Vulnerabilities with Style
04.12.2023 by 24bkdoor
Navigating the Bounty Seas with Open Bug Bounty

  Recent Recommendations

    22 April, 2024
    genoverband:
Thank you for your invaluable help in ensuring the security of our domain and its visitors!
    10 April, 2024
    Mars:
Hatim uncovered a XSS bug that we were able to quickly resolve. Thanks very much for your assistance and help.
    8 April, 2024
    Panthermedia:
Thanks to the support of Hatim Chabik, we were able to identify and solve an XSS bug.
    5 April, 2024
    pubpharm:
Pooja found a XSS vulnerability on our website and provided us with the needed Information for replication and fixing the issue. Which she verified afterwards.
We thank her for the reporting and assistance.
    2 April, 2024
    genoverband:
Thank you for your invaluable help in ensuring the security of our domain and its visitors!
Making Web a Safer Place
Coordinated & Responsible Disclosure
Based on ISO 29147 Guidelines

2023 © OpenBugBounty
  • Follow us