Report a Vulnerability
Submit, help fixing, get kudos.
Start a Bug Bounty
Run your bounty program for free.
553,570 coordinated disclosures
355,512 fixed vulnerabilities
837 bug bounties with 1,619 websites
17,251 researchers, 1151 honor badges

Sportsa Bug Bounty Program

Sportsa runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Sportsa

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Sportsa and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

sportsa.com

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Please refer to https://sportsa.com/help/MCWD_reporting_bugs_vulnerabilities.html for details of our program.

Testing Requirements:

Vulnerabilities should be verified as authentic, and not simply automated results of pen-tests.

Possible Awards:

At this time SPORTSA does not hold a paid bug reporting program, but you will be credited on our credits page

Special Notes:

Please do not report issues with shared URLS on our platform, it is expected behaviour that users can link to external sites and these are automatically and randomly scanned, thank you.

Please report any bugs to: https://sportsa.com/help/feedback/ so we can correctly track and attribute any bugs

Other Submissions Handling

Website owner want to receive information about other vulnerabilities

Notifications:

Please email these to [email protected]

General Requirements:

Please refer to https://sportsa.com/help/MCWD_reporting_bugs_vulnerabilities.html for details of our program.

Testing Requirements:

At this time SPORTSA does not hold a paid bug reporting program, but you will be personally credited on our credits page

Possible Awards:

At this time SPORTSA does not hold a paid bug reporting program, but you will be personally credited on our credits page

Special Notes:

Please do not report issues with shared URLS on our platform, it is expected behaviour that users can link to external sites and these are automatically and randomly scanned, thank you.

Please report any bugs to: https://sportsa.com/help/feedback/ so we can correctly track and attribute any bugs

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  How quickly researchers get responses to their submissions.
Remediation Time  How quickly reported submissions are fixed.
Cooperation and Respect  How fairly and respectfully researchers are being treated.

Researcher's comments

    27 July, 2020
    AbhishekMorla:
not responding

  Latest Patched

 05.08.2020 fau.edu
 05.08.2020 rta.ae
 05.08.2020 thisismoney.co.uk
 05.08.2020 bayt.com
 05.08.2020 satkurier.pl
 05.08.2020 mysurvey.com
 05.08.2020 mustit.co.kr
 04.08.2020 hardware.fr
 04.08.2020 gamemeca.com
 04.08.2020 affinity.com

  Latest Blog Posts

24.06.2020 by Gkexamquiz
How to Find Contacts To Report Bugs & Security Vulnerabilities | Bug Bounty Tutorials 2020
24.06.2020 by 0xcrypto
Improper Access Control - Generic: Unrestricted access to any "connected pack" on docs in coda.io
04.04.2020 by Rando02355205
(Alibaba) message.alibaba.com [IDOR] - [Bug Bounty]
12.03.2020 by Rando02355205
(Paypal) www.paypal.com [CSP High Level] - [XSS Reflected] - [Bug Bounty] - [Write Up]
08.03.2020 by CybeReports
JDECO.net XSS Vulnerability| CybeReports

  Recent Recommendations

    6 August, 2020
     Robert_CMI:
Thank you Rajesh for reporting vulnerabilities on our website, your quick and detailed response was very valuable to us!
    6 August, 2020
     StefanCink:
Thanks to @singhnitesh21 we were able to close a vulnerability on our website asap. Thank you!
    5 August, 2020
     kkb5mobile:
Thank you for pointing out the vulnerability.
Thanks to you, I was able to respond safely.
    5 August, 2020
     h_ono:
Great work, thanks for finding a bug and kindly reporting it.
    5 August, 2020
     PGSOC1:
Numan has responsibly reported a CSRF vulnerability on our website. We credit Numan for responsible disclosure.