
Twoucan Bug Bounty Program

Twoucan runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the conditions and requirements of Twoucan set out below.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Twoucan and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

twoucan.com

Non-Intrusive Submissions Handling

The following section covers the submission of vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

If you discover a vulnerability that you believe to be serious, please report it.

Testing Requirements:

Please do not put load on the site.
Nuisance behavior, such as mass submissions to the contact form, is prohibited.

Possible Awards:

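We will consider each report as soon as we receive it, but please assume that it is difficult for us to pay a bounty for anything other than a critical vulnerability.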

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

    1 July, 2019
    mrkrhy:
They don't give any reward even if you found a serious vulnerability.
