Bountytalk - Forums Advertising & Bounty Hub
Other Bounties => Bug bounty programs => Topic started by: Angelina on June 09, 2023, 06:51:42 pm
Submit bug report: http://www.casper.com
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Please note these are general guidelines, and that reward decisions are up to the discretion of Casper.
There is a maximum award of $5,000 - particularly creative or severe bugs will be rewarded accordingly. Depending on the severity of the bug, and the quality of your report, we may pay a lower-tier bug out at a higher level.
Critical Severity Bugs
SQL Injection
Remote Code Execution
Privilege Escalation affecting users or admin access
Broken Authentication affecting all users
SSRF to an internal service, with extremely critical impact (e.g. immediate and direct security risk)
And other critical-severity issues
High Severity Bugs
XSS that manipulates orders or customers
Cross-Site Request Forgery on Sensitive Actions or Functions (CSRF/XSRF)
This excludes actions like log-out and un-auth’d operations on a user’s cart
SSRF to an internal service, hosted by Casper (like bedpost.casper.com, which is called via JS from casper.com during checkout)
Information leaks or disclosure (including customer or employee data)
And other high-severity issues
Medium Severity Bugs
XSS that can expose customer or order information
Parameter Pollution with auth'd side effects
Server misconfiguration or provisioning errors with a demonstrated security impact
Information leaks or disclosure (excluding customer PII data)
And other medium-severity issues
Low Severity Bugs
Mixed content issues
redirects and requests containing integer IDs (primary keys in our DB), we'll award one per resource, not per instance.
Parameter Pollution with unauth'd side effects