Cobalt bug bounty program

AwardWallet

Keeps track of your reward programs

#CC72

Description

AwardWallet keeps track of your reward programs such as your frequent flyer miles, hotel and credit card points.

We have created this program to be able to test for security vulnerabilities.

Out of scope

  • missing CSRF on
    • /awardBooking/
    • logout
    • ../set_locale
  • HSTS
  • X-Content-Type-Options: nosniff
  • Forgot-password functionality returns two different responses for existing and non-existing e-mails
  • email enumeration on user registration
  • Content-Security-Policy
  • Public-Key-Pins (HTTP Public Key Pinning)
  • OCSP stapling
  • BEAST
  • Cookie XSRF-TOKEN without HttpOnly flag
  • WordPress vulnerabilities less than a week old
  • WordPress xmlrpc pingback
  • I can change my name to any type of link, and send email with that link.

Platform

  • PHP
  • Apache

The terms for running and engaging in a security program always apply.

Specs

  • Rewards

    High: $350
    Medium: $150
    Low: $50

  • Disclosure Rules

    Responsible disclosure

  • Access Level

    Open for all

  • Response Time / Rate

    2 - 7 days / 97%

  • Researcher Feedback

    Average of all evaluations

Latest announcements

No announcements yet

Yesterday

monish submitted a report
monish submitted a report
monish submitted a report
monish submitted a report

Earlier this month

kpixaba submitted a report
codecancare submitted a report
codecancare submitted a report
Joseph96 submitted a report
nwalsh_sec submitted a report

February

AwardWallet closed a report from sriharsha1993
AwardWallet closed a report from raad
AwardWallet closed a report from monish
AwardWallet closed a report from monish
sriharsha1993 submitted a report
AwardWallet rewarded codecancare with a bounty and 17.0 Rep
codecancare submitted a report
raad submitted a report
monish submitted a report

January

monish submitted a report
AwardWallet closed a report from Nomi