
Websavers Inc Bug Bounty Program

Websavers Inc runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Websavers Inc.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Websavers Inc and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

*.websavers.ca

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

We value a complete report with full technical details. We must be able to reproduce the vulnerability and clearly demonstrate that it both exists and represents a weakness in our systems.

While we appreciate all types of reports, there needs to be at least one of the following in order to receive a reward:

1. A demonstrable leak of data which should not be publicly accessible.
2. Incontrovertible evidence that the weakness can be exploited to sufficiently detrimental effect to cause obvious problems with our systems. For example, simply allowing xml-rpc in WordPress is not a vulnerability unless you can prove that our firewalls are not effectively blocking brute-force or DoS attacks against it.

Testing Requirements:

Ensure that any vulnerability scanners are rate-limited. Please provide complete steps to reproduce and details on why you believe it to be a vulnerability.

Please do *not* submit lazy reports, like "your server says it uses this library which is old!" as many libraries either receive backports while keeping their older version number OR have no known vulnerabilities. You must successfully reproduce an attack on that library that satisfies our "General Requirements" for your report to be accepted.

Possible Awards:

Kudos is always guaranteed, while monetary compensation is possible depending on the severity of the report.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

    16 June, 2020
    pwn_box:
Hello Team, I have found an information disclosure vulnerability. Can you provide me a mail ID of the security team so that I can report it? Thanks :)
