Cobalt bug bounty program


AwardWallet

Keeps track of your reward programs

#CC72

Description

AwardWallet keeps track of your reward programs such as your frequent flyer miles, hotel and credit card points.

We have created this program to be able to test for security vulnerabilities.

Out of scope

  • Missing CSRF protection on
    • /awardBooking/
    • logout
    • ../set_locale
  • HSTS
  • X-Content-Type-Options: nosniff
  • Forgot password functionality returns two different responses for existing and non-existing e-mails
  • Email enumeration on user registration
  • Content-Security-Policy
  • Public-Key-Pins (HTTP Public Key Pinning)
  • OCSP stapling
  • BEAST
  • Cookie XSRF-TOKEN without HttpOnly flag
  • WordPress vulnerabilities less than a week old
  • WordPress xmlrpc pingback
  • I can change my name to any type of link, and send email with that link.
  • Outdated jQuery
  • Mixed Content on /blog/

Platform

  • PHP
  • Apache

The terms for running and engaging in a security program always apply.

Specs

  • Rewards

    High: $350
    Medium: $150
    Low: $50

  • Disclosure Rules

    Responsible disclosure

  • Access Level

    Open for all

  • Response Time / Rate

    2 - 7 days / 100%

  • Researcher Feedback

    Average of all evaluations

Latest announcements

No announcements yet

Yesterday

MuzammilKayani submitted a report

Earlier this week

Awardwallet-llc closed a report from Deepak_Noobie
Awardwallet-llc closed a report from pyrk2142
Awardwallet-llc closed a report from vinod
Deepak_Noobie submitted a report

Earlier this month

pyrk2142 submitted a report

April

vinod submitted a report
Awardwallet-llc rewarded #CC72_282 by codecancare with a bounty and (3.1 Rep)
Awardwallet-llc rewarded #CC72_281 by codecancare with a bounty and (3.1 Rep)
Awardwallet-llc closed a report from madn00b
madn00b submitted a report

March

Awardwallet-llc rewarded #CC72_289 by Raunak with a bounty and (3.1 Rep)
Awardwallet-llc rewarded #CC72_288 by MuzammilKayani with a bounty and (3.0 Rep)
Awardwallet-llc closed a report from monish
Awardwallet-llc closed a report from monish
Awardwallet-llc closed a report from monish
Awardwallet-llc rewarded #CC72_284 by monish with a bounty and (2.1 Rep)
Awardwallet-llc closed a report from kpixaba
Awardwallet-llc closed a report from Joseph96
Awardwallet-llc rewarded #CC72_279 by nwalsh_sec with a bounty and (4.0 Rep)