Report Email Alerts Open Bug Bounty: 102541 coordinated disclosures
Full Disclosure: 32227 vulnerabilities
Total Vulnerabilities Fixed: 34664
112189 vulnerable websites, 12405 VIP websites
2641 security researchers, 3734 notification subscribers

Open Bug Bounty & Coordinated Disclosure

We endorse and encourage coordinated vulnerability disclosure to help website owners and administrators to secure their web applications and the end-users.


Vulnerability type:
Select reporting methodology:Open Bug Bounty (Recommended) To participate in the Open Bug Bounty coordinated vulnerability disclosure program please login via Twitter. Anyone can participate, anyone can help!
Full Disclosure

Please carefully follow submission guidelines:

  • Your XSS must display 'OPENBUGBOUNTY' string in a JS popup, for example:
    • <script>alert('OPENBUGBOUNTY')</script>
    • <img src=x onerror=prompt(/OPENBUGBOUNTY/)>
    • <script src=https://openbugbounty.org/1.js>
  • Your XSS must affect the domain for which you submit the vulnerability - XSS in iframes or after redirects are not accepted.
  • Iframe injections must contain an iframe with openbugbounty.org inside.
  • Same XSS in different scripts (e.g. one global parameter affecting all pages) will NOT be published as separate XSSs, and will be deleted.
  • Multiple re-submissions of the same vulnerability will result in removal of all these submissions.
  • Please allow up to 24 hours for XSS approval and publication.
* XSS URL:
POST data


appication/x-www-form-urlencoded
POST data example:


key1=value1&key2=value2
multipart/form-data
POST data example:


---------------573cf973d5228
Content-Disposition: form-data; name="key1"

value1
---------------573cf973d5228
Content-Disposition: form-data; name="key2"

value2
---------------573cf973d5228--
Cookies:
Your nickname:
Send notification to subscribers: A notification will be sent to all people who are subscribed for the domain.
A notification will be sent to:
security@
webmaster@
contact@
info@
Send notification to an email address provided on the vulnerable website (e.g. security contact - if any, etc).
A notification will be sent via OpenBugBounty twitter account (available only for VIP submissions)
If exploitation is not trivial, specify the exact steps to reproduce the vulnerability. Please be brief and clear!
*



Latest VIP Submissions

sexlew.net
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
charkhan.com
Reported by OmniGooch Recommendations received: 2
Approved XSS vulnerabilities: 2340
Approved XSS vulnerabilities on VIP websites: 128
on 26.02.2017
videosz.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 25.02.2017
digitalplayground.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 25.02.2017
e-lyco.fr
Reported by DrStache Twitter: @DrStache_
Recommendations received: 24
Approved XSS vulnerabilities: 3881
Approved XSS vulnerabilities on VIP websites: 147
on 25.02.2017
newsweek.pl
Reported by DonkeyJJLove Twitter: @DonkeyJJLove
Recommendations received: 9
Approved XSS vulnerabilities: 896
Approved XSS vulnerabilities on VIP websites: 265
on 25.02.2017
suara.com
Reported by Rungga Twitter: @rungga_reksya
Approved XSS vulnerabilities: 383
Approved XSS vulnerabilities on VIP websites: 23
on 24.02.2017
aqua.hu
Reported by RickChase Approved XSS vulnerabilities: 214
Approved XSS vulnerabilities on VIP websites: 9
on 24.02.2017
telestar.fr
Reported by DrStache Twitter: @DrStache_
Recommendations received: 24
Approved XSS vulnerabilities: 3881
Approved XSS vulnerabilities on VIP websites: 147
on 24.02.2017
football365.fr
Reported by DrStache Twitter: @DrStache_
Recommendations received: 24
Approved XSS vulnerabilities: 3881
Approved XSS vulnerabilities on VIP websites: 147
on 24.02.2017

Latest Submissions

asianamericantgirls.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
arabianchicks.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
blackgfsex.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
roundandbrown.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
badtowtruck.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
primecups.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
spizoo.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
es.wowcardmarket.eu
Reported by pabloskimaster Guest Researcher Profile on 26.02.2017
phalogenics.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017
m.porn555.com
Reported by rj01 Twitter: @RoyJansen_01
Recommendations received: 3
Approved XSS vulnerabilities: 844
Approved XSS vulnerabilities on VIP websites: 133
on 26.02.2017