Cobalt bug bounty program


Rdbhost_service

Server-side SQL from the browser

#CC61

Description

We make SQL database servers available to client-side web apps.

We are only interested in rewarding bug finds for server-side bugs. Those bugs can only be demonstrated through a client-side app; that is the situation. Server-side security concerns relate to 1) unauthorized destruction of data, and 2) unauthorized release of private data.

We award bounties for DEMONSTRATED SUCCESS at either of the above.

There are four client apps available for testing: http://www.rdbhost.com/bug_bounty.html

Guidance for how an exploit can be demonstrated is provided for each. These are live apps, so if you experiment with fake data, clean up your mess.

You do have permission to destroy and share data on each, insofar as you can find the ability to do so, and within the Responsible Disclosure constraints. If you are more comfortable with explicit permission to damage databases, send me an encrypted email using the GPG key on the website, and I will respond with a signed email giving you permission.

We have awarded bounties for exploits that did not fall within the objectives in the paragraphs above, but they did DEMONSTRATE SUCCESS at revealing information that people would reasonably expect a web site or web service to protect. Note that account numbers are NOT protected information.

Out of scope

SSL/HTTPS issues.
Email spoofing issues.

Platform

Private

The terms for running and engaging in a security program always apply.

Specs

  • Rewards

    High: $2,500
    Medium: $75
    Low: $0

  • Disclosure Rules

    Responsible disclosure

  • Access Level

    Open for all

  • Response Time / Rate

    2 - 7 days / 98%

  • Researcher Feedback

    Average of all evaluations

Latest announcements

No announcements yet

April

chafik0401 submitted a report

October (2016)

amn_khn submitted a report
rdbhost closed a report from amn_khn
amn_khn submitted a report

September (2016)

rdbhost closed a report from zuh4n
zuh4n submitted a report

August (2016)

rdbhost rewarded #CC61_95 by amn_khn (3.5 Rep)
rdbhost closed a report from malbess5
amn_khn submitted a report

April (2016)

malbess5 submitted a report

March (2016)

rdbhost closed a report from Varbaek
rdbhost closed a report from Varbaek
rdbhost closed a report from Varbaek
rdbhost closed a report from Varbaek
Varbaek submitted a report
Varbaek submitted a report
Varbaek submitted a report
Varbaek submitted a report

February (2016)

rdbhost rewarded #CC61_88 by konkakarthik (2.5 Rep)
rdbhost rewarded #CC61_87 by konkakarthik (2.7 Rep)