Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
1,113,973 coordinated disclosures
707,207 fixed vulnerabilities
1,461 bug bounty programs, 2,921 websites
25,725 researchers, 1,379 honor badges

Wirth Horn Bug Bounty Program

Wirth Horn runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Wirth Horn

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Wirth Horn and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

shop.bva-bikemedia.de
fahrrad-buecher-karten.de
kamphausen.media
magellanverlag.de
magellan-shop.com
ccbuchner.de
deltapublishing.co.uk
edition-unseld.de
verlagderweltreligionen.de
suhrkamp.de
behrs.de
hase-und-igel.de
loewe-verlag.de
europa-lehrmittel.de
ht-go.de
handwerk-technik.de
junfermann.de
waldorfbuch.de
dorlingkindersley.de
klett-sprachen.es
klett-usa.com
derdiedaf.com
klinkhardtundbiermann.de
hirmerverlag.de
tvz-verlag.ch
kunstmann.de
rundel.de
korsch-verlag.de
lindeverlag.at
international.klett-sprachen.de
dtv.de
klett-sprachen.de

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

We are interested in hearing about any potential security issues on the websites, web services and products we release. Please report only issues that have an actual security impact in a realistic scenario. This does not mean you need to fully exploit issues, just provide the information you have, and we will analyze your report and draw conclusions on the impact.

* Please send a clear description of the report along with a guidline to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.
* You must avoid tests that could cause degradation or interruption of the websites and services. Thus limit your requests per second.
* You must not leak, manipulate, or destroy any user data.

Qualifying Vulnerabilities:
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* Local files access and manipulation (LFI, RFI, XXE, SSRF, XSPA)
* Authentication and Authorization Flaws
* Remote Code Execution (RCE)
* Code injections (HTML, JS, SQL, PHP, etc.)
* Insecure direct object references
* CORS
* Directory Traversal
* Privilege Escalation

Testing Requirements:

Vulnerabilities should be verified as authentic, and not simply automated results of pen-tests.

* Do not run automated scans without checking with us first.
* Do not test using social engineering techniques (phishing, vishing, etc.)
* Do not perform DoS or DDoS attacks.
* Do not attack our end users, or engage in trade of stolen user credentials.

Possible Awards:

Currently, we have no active reward program for reported vulnerabilities. We will post a recommendation to researcher's profile if desired.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

Manojkhd     18 May, 2020
    Manojkhd:
I ‘am security researcher @ManojKhd. This report is Reflected XSS “Cross site scripting” or Cross-Site Request Forgery (CSRF) vulnerability affected website list:
deltapublishing.co.uk CSRF/XSS
klett-usa.com: CSRF
lindeverlag.at: CSRF
klett-sprachen.de: CSRF
lindeverlag.at CSRF

I hope the respective would security patch & fix this vulnerability as soon as possible. We will be received a positive feedback and like Award Swag, T-Shirt, Hall of Fame, Acknowledgment, Certificate of Appreciation. I request for you please. A recommendation on my profile security researcher’s @openbugbounty platform Thank you!

  Latest Patched

 27.11.2021 olhardigital.com.br
 27.11.2021 uab.cat
 27.11.2021 uady.mx
 27.11.2021 showpo.com
 26.11.2021 apichoke.me
 26.11.2021 codex-themes.com
 26.11.2021 capcom.com
 26.11.2021 bswa.net
 26.11.2021 bitly.me
 26.11.2021 e-vocacion.es

  Latest Blog Posts

11.11.2021 by mistry4592
The Most used Chrome Extensions are Used For Penetration Testing.
08.10.2021 by NNeuchi
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
26.08.2021 by PyaePhyoThu98
eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)
14.07.2021 by Open Bug Bounty
Interview With Open Bug Bounty
25.05.2021 by 0xrocky
Google XSS Game

  Recent Recommendations

@chrisbeach     27 November, 2021
    Twitter chrisbeach:
Thanks very much for reporting a bug in my website
@HR4YOU_AG     23 November, 2021
    Twitter HR4YOU_AG:
Thanks H_chabik for reporting an issue with our website!
@skyynet_de     19 November, 2021
    Twitter skyynet_de:
Thanks for informing me about a general PHP malfunction which could be used to scam people on my website.
@sandovs     19 November, 2021
    Twitter sandovs:
Cyber_World helped us by pointing out some log files that shouldn't be public! Thank you for the responsible disclosure and cordiality during the whole process!
@bjdean     17 November, 2021
    Twitter bjdean:
Very helpful and responsive to questions. Thanks for the report.