Report Email Alerts Open Bug Bounty: 113174 coordinated disclosures
Full Disclosure: 32423 vulnerabilities
Total Vulnerabilities Fixed: 38023
120777 vulnerable websites, 12915 VIP websites
2949 security researchers, 3977 notification subscribers

Open Bug Bounty & Coordinated Disclosure

We endorse and encourage coordinated vulnerability disclosure to help website owners and administrators to secure their web applications and the end-users.


Vulnerability type:
Select reporting methodology:Open Bug Bounty (Recommended) To participate in the Open Bug Bounty coordinated vulnerability disclosure program please login via Twitter. Anyone can participate, anyone can help!
Full Disclosure

Please carefully follow submission guidelines:

  • Your XSS must display 'OPENBUGBOUNTY' string in a JS popup, for example:
    • <script>alert('OPENBUGBOUNTY')</script>
    • <img src=x onerror=prompt(/OPENBUGBOUNTY/)>
    • <script src=https://openbugbounty.org/1.js>
  • Your XSS must affect the domain for which you submit the vulnerability - XSS in iframes or after redirects are not accepted.
  • Iframe injections must contain an iframe with openbugbounty.org inside.
  • Same XSS in different scripts (e.g. one global parameter affecting all pages) will NOT be published as separate XSSs, and will be deleted.
  • Multiple re-submissions of the same vulnerability will result in removal of all these submissions.
  • Please allow up to 24 hours for XSS approval and publication.
  • Due to high amount of work required, mass posting vulnerabilities will NOT be re-checked if not accepted after submission.
    Please make sure you post only valid PoCs!
* XSS URL:
POST data


appication/x-www-form-urlencoded
POST data example:


key1=value1&key2=value2
multipart/form-data
POST data example:


---------------573cf973d5228
Content-Disposition: form-data; name="key1"

value1
---------------573cf973d5228
Content-Disposition: form-data; name="key2"

value2
---------------573cf973d5228--
Cookies:
Your nickname:
Send notification to subscribers: A notification will be sent to all people who are subscribed for the domain.
A notification will be sent to:
security@
webmaster@
contact@
info@
Send notification to an email address provided on the vulnerable website (e.g. security contact - if any, etc).
A notification will be sent via OpenBugBounty twitter account (available only for VIP submissions)
If exploitation is not trivial, specify the exact steps to reproduce the vulnerability. Please be brief and clear!
*



Latest VIP Submissions

casadellibro.com
Reported by Flekyy90 Approved XSS vulnerabilities: 31
Approved XSS vulnerabilities on VIP websites: 2
on 01.05.2017
toysrus.com
Reported by Liam_Somerville Twitter: @LiamMSomerville
Approved XSS vulnerabilities: 74
Approved XSS vulnerabilities on VIP websites: 3
on 30.04.2017
thesmartsearch.net
Reported by stacksmash3r Twitter: @stacksmash3r
Approved XSS vulnerabilities: 3
Approved XSS vulnerabilities on VIP websites: 1
on 30.04.2017
tagesspiegel.de
Reported by ThomySec Approved XSS vulnerabilities: 13
Approved XSS vulnerabilities on VIP websites: 7
on 30.04.2017
jiji.ng
Reported by shilewareeq Guest Researcher Profile on 30.04.2017
telenor.no
Reported by M0r3h4x Approved XSS vulnerabilities: 15
Approved XSS vulnerabilities on VIP websites: 2
on 30.04.2017
searchenginejournal.com
Reported by Omegaton Twitter: @Fabio_Rahamim
Approved XSS vulnerabilities: 10
Approved XSS vulnerabilities on VIP websites: 2
on 30.04.2017
ic.gc.ca
Reported by Random_Robbie Twitter: @Random_Robbie
Recommendations received: 12
Approved XSS vulnerabilities: 3213
Approved XSS vulnerabilities on VIP websites: 297
on 30.04.2017
milanoo.com
Reported by Random_Robbie Twitter: @Random_Robbie
Recommendations received: 12
Approved XSS vulnerabilities: 3213
Approved XSS vulnerabilities on VIP websites: 297
on 30.04.2017
buyincoins.com
Reported by Random_Robbie Twitter: @Random_Robbie
Recommendations received: 12
Approved XSS vulnerabilities: 3213
Approved XSS vulnerabilities on VIP websites: 297
on 30.04.2017

Latest Submissions

fagsmut.net
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2879
Approved XSS vulnerabilities on VIP websites: 167
on 01.05.2017
nationalhomebrew.com.au
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2879
Approved XSS vulnerabilities on VIP websites: 167
on 01.05.2017
zanoonemardoone.ir
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2879
Approved XSS vulnerabilities on VIP websites: 167
on 01.05.2017
portpropmgt.com
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2879
Approved XSS vulnerabilities on VIP websites: 167
on 01.05.2017
nst1.capita.co.uk
Reported by Spam404 Twitter: @Spam404Online
Recommendations received: 62
Approved XSS vulnerabilities: 22268
Approved XSS vulnerabilities on VIP websites: 1562
on 01.05.2017
bikeleague.org
Reported by malwrforensics Approved XSS vulnerabilities: 44
Approved XSS vulnerabilities on VIP websites: 5
on 01.05.2017
uf.catalog.fcla.edu
Reported by stacksmash3r Twitter: @stacksmash3r
Approved XSS vulnerabilities: 3
Approved XSS vulnerabilities on VIP websites: 1
on 01.05.2017
e-rudy.com
Reported by malwrforensics Approved XSS vulnerabilities: 44
Approved XSS vulnerabilities on VIP websites: 5
on 01.05.2017
whistl.co.uk
Reported by Spam404 Twitter: @Spam404Online
Recommendations received: 62
Approved XSS vulnerabilities: 22268
Approved XSS vulnerabilities on VIP websites: 1562
on 01.05.2017
prokupljenadlanu.rs
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2879
Approved XSS vulnerabilities on VIP websites: 167
on 01.05.2017