Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
832,050 coordinated disclosures
466,891 fixed vulnerabilities
1277 bug bounties with 2,435 websites
21,710 researchers, 1280 honor badges

Cimarron Outdoors Non-Profit Bug Bounty Program

Cimarron Outdoors Non-Profit runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Cimarron Outdoors Non-Profit

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Cimarron Outdoors Non-Profit and researchers.

Bug bounty program allow private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:

cimarronoutdoors.org

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Proof of vulnerabilities on our site and notes on how to recreate them. Suggested remedies would be great.

Testing Requirements:

There are no restrictions, just don't break our site please.

Possible Awards:

As we are a non-profit we will check with the board on gathering together a monetary donation as thanks for the help notifying vulnerabilities.

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

Please send them to [email protected]

PGP Key:

Show key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAz/hABEADGSoDL6vCKt/ipgB79xR8WS2EGpxGgA4jP18zq3O6rQmkg2Ytx
dJerqb/j5XHlpnDwRI+HD9wQfdaYeS1mfVQMUUWs8Lib6FMIVcMljmrXa5anrqaq
jTAxRlutyL1wy6SO1u/dS1F3qXvQR07JLWL+y5ASpNkZ4kBcZF4Lc4CGp4lE3Lw2
k0si4QpPEgiYujEYpcDk3vyvvDQPElrfXDv9MJKJPnGEut7xxeAnJZchoni4Vnfk
zK2v+ueUhfWtzjfaR7v3igl0IbDA4lZoPqJO1WVAnAUdAGHGLrUEnOjcZhmv2hwa
flRVsGE6eg1Np1KQ0UfQqqHQblVpVK42qvE7iuTfsAK7Nh18dbyAcUZBJ82hEISW
uiyzN5154+JZrdh5HUfhSOj3ty6UHqTONRdMAxpfG2CtPk0avGMgBpa1+I82Un4b
BHSiLlRhpbEWBhDVo2Vy7TRzUAsprdC6n1FTDBC5OR1xVfLRxNIPhhzAx4t56HHg
A6Ad7WeWTZL97bss8DcK2n/YPDC67DkrgCaKgUVFGCr+qa3aAKByIsBh2LN45Amz
54LOjieqgijRSnT4ka2O7EA12KzehTTNIxjPO+1XabSWMu3bxsh5Unszt24DD+3y
L7fA2rcz55ZHrPQICUYjWArXYmRqtp7BJKeFxHRaubka8f7c6uEgLViriQARAQAB
tDJDaW1hcnJvbiBPdXRkb29ycyA8ZG9uYXRpb25zQGNpbWFycm9ub3V0ZG9vcnMu
b3JnPokCTgQTAQgAOBYhBHrReMBxdO4wnfc8KBvxrAV7/sOGBQJgM/4QAhsDBQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBvxrAV7/sOGkdEP/jVxlQEr54JePPyL
TSAknJHqhuPdQcNbcwwE/K9cFEKhsFn9JNfo1YrmPtyN1ABEvp8mq2512ejOXXlA
JpVIX1Who3VXLsX/a3HDyAyADpeTsiMT1qXnj3ZEFOLaG6tDiVYkRq0v9fcdMh9r
6HI+6h5WhOkEquP0VY8fkq9cH6CSyzQKN8/VvS5pIQuvAa55C1Dfg5yTJWnDRHUq
Ghe8YlVuMd4uymfs6eyqNPgSmSka5HbxLCKWdToXLx2iW2yi518uQTxJPfRy8iDi
eAXZCZWrZGd1dv2SGa61fPESkG9Bcpes9tlY4hEhD1ifuSnQwLnAC2a2cqWKhRha
4FERgaAYkiCoaPta2kpRTq/7P2XFnglpOiAjsY4yeX9IB7P8REYsGFq9PxaCDbxC
YrxdZf6S6qS+/x/W/7yW3+FOW1zz70D34eeHmq6EThoN0EIhzzSo8i5yRwK5YyRt
6colGHwTlOHUYimokpt3YnbfBagVSqXH7B47i9ukY/gRiMNN3ZUu3c5uj/JBFQQz
ZMsnvVC9wmlm7BWwvaxn0uJ5Lf5axus4t7rni93BA6ugNJUcgQfGtbcmfanLIuCd
YpW5YikByUZ4T5Bz0RcO+7q3FM4Fp6XOlAVTBx2cc/UuEGEu9Ys1sWhPW3pVwhOw
uKQLnhAqf3mbA6KOO67I53WrW0tWuQINBGAz/hABEADHW79yXA07E3Mgza8v5PZy
ngU0lq8/MSXyOytYA8DgN7wZLciZZ4WcvVjIs1Pk+MvKJXjHr8MMR1vMnzssW+dK
ubhCE6a/fhLDQcZ5ENu//oQcuL7Q6UZ1zFUQUPlIDa2f3Oizl2p6v9vDzdbJ4hZH
lDG2fCo4BTQdYgax9FE/kR1iwkdV6/Mz5TKTT32UIog3jWpdmFR7R1f0ajChcPsy
xCSod5Yo96gkyPe2HG04o+DsP9VPnZgH8hYkL+6qFYtGBLW8n71qPhaWGc3MorKX
zEpv7EG/iDkvVqwCTwRqaaQMZv5Trv/KqgECNQX5oqyqvEvbS5/ZijVG0hoaLHC+
RYOeVGMAd/3bTdOhFPGUmrV1LFL7M8qzTuIHrkCkq2gbxLDCxBPPfljs5MBRNnhD
7LR/AcPrx+1vJyJehgIpl1z2BEjTcm4zvvzvhGmyqRWu6NxF+JZULqGABvos6v6Y
okOvshBFjGkffRTA6ucxK459SW5wu/bKRW1FfbOjrq8aAYyQgf7s1n7cbD8BEREg
exuB00aKPuYKaKSHWJYyW/8Gd8oaDHa6CS/tQWccAbBNXqtEsXiMzKBUHQgwbZZR
qOkeG1bIJf7Mf9gSWVDwC+vC+pZtIcUgfs/PLIhFL9iarf2tzfYzZLQZ0o2++dNJ
ZZ8auns0LpyX2OfsU4D4EwARAQABiQI2BBgBCAAgFiEEetF4wHF07jCd9zwoG/Gs
BXv+w4YFAmAz/hACGwwACgkQG/GsBXv+w4bpoxAAuF4QC0g+1dlmWCTc7LViO81Q
e3TTadSsCdT6ALIfiQDIY4+FF4ydngNikB4D2T7todfdEf/rH6DLnAjMDfiuk+Ge
25McucABeKu7B02eGWh30eXUf2Z+T/ejykZVxUEry5v9kLzz7c1dj7IYcYdulwzc
5v9PxsFHF72f+oIhPFAdLR+Sup9lflTn9I2JQCVdVkxsUpaT008pPHDIyMHjjAbn
ikF/+Z/OKSe1NolwvHuZgRSKmrFl8aUTrYuTGq5vbBH6L/wRqTSqOWLPdAfq12GO
VJzGqrj4NfBwpxOT7mHK7qjVCqcokV3WNdlegrcDK3UVH33mWaFTRbsBcj4fHCrt
imMxEv+xWrhrBDTL3Q8h5zk1yo81XDMttQ4Wbu7VvyoynQdwd17NJ6xTldNtjmTN
7spk/HdH/Z52XOgrwI0Z5/KpJf0Ka/LIHGIsGR50Nn+dZNfQdrAJE02EKAF7//3z
EaQGuznxszyfcwZ26FqQkkRk+CDSUZObchLtr1wibGImInIavNch1fMAFRsmpZ7n
QIzdT47HvdpUkAfCura651XXFhycrw5YmGSBsd9+TiW/5Egy9nbuCg+X+G96TIn6
IzHZy5HXx8wUi4yR0pAxJEmADsmugOx8t8uXIjgDTLYNoCxGWEiPjNbARFEYVGs+
6QnCOLBwAhwVp7Dh6/w=
=JcNA
-----END PGP PUBLIC KEY BLOCK-----

General Requirements:

Proof of vulnerabilities on our site and notes on how to recreate them. Suggested remedies would be great.

Testing Requirements:

There are no restrictions, just don't break our site please.

Possible Awards:

As we are a non-profit we will check with the board on gathering together a monetary donation as thanks for the help notifying vulnerabilities.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.

  Latest Patched

 05.03.2021 icsangiustino.gov.it
 05.03.2021 o2.co.uk
 04.03.2021 uow.edu.au
 04.03.2021 obozrevatel.com
 04.03.2021 jobth.com
 04.03.2021 tcyonline.com
 03.03.2021 klear.com
 03.03.2021 haraj.ws
 03.03.2021 mylibmusic.me
 03.03.2021 statscrop.com

  Latest Blog Posts

10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard
25.12.2020 by _Y000_
How to bypass mod_security (WAF)
10.12.2020 by _Y000_
sql injection to bypass Mod_Security
10.12.2020 by _Y000_
Create encoded sql payloads

  Recent Recommendations

@_mrjd0g_     4 March, 2021
    Twitter _mrjd0g_:
Thank you for the report and responding so quickly to our request for more information, it helped us track the issue down and fix it. Appreciate the work you do.
@_lhordd     3 March, 2021
    Twitter _lhordd:
Thanks for helping me with the flaws in my site. The best work i’ve ever seen.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks for reporting xss in my site.
@_Kkommi     3 March, 2021
    Twitter _Kkommi:
Thanks
@CERT_rlp     1 March, 2021
    Twitter CERT_rlp:
The team of CERT-rlp would like to thank Cyber_India for a responsible and coordinated disclosure of vulnerabilities.