follow us on twitter . like us on facebook . follow us on instagram . subscribe to our youtube channel . announcements on telegram channel



« previous next »
Pages: [1]

Author Topic: Algolia[$100] Bug Bounty  (Read 17115 times)

Angelina

  • Moderator
  • Experienced Member
  • *****
  • Posts: 357
    • View Profile
Algolia[$100] Bug Bounty
« on: April 19, 2023, 05:18:19 pm »
Submit bug report: https://algolia.com
@algolia
Algolia
Hosted search API that delivers instant and relevant results from the first keystroke.

Algolia is committed to working with security experts across the globe to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we'd welcome working with you. Please let us know about it and we'll make every effort to quickly correct the issue.
DO NOT use automated scanning tools
Scope
Website related endpoints on www.algolia.com
API related endpoints on .algolia.net or .algolianet.com
Bounty
Minimum reward is $100 for security vulnerabilities. 
Issues without security impact are not eligible for a bounty, yet still welcomed and will be treated like any other report.
Eligibility
You must be the first reporter of the vulnerability.

You do not access data of other users and solely use your created accounts.
You may not publicly disclose the vulnerability prior to our resolution.
You are not an individual on, or residing in any country on, any U.S. sanctions lists.
You provide a working proof of concept that exploits the security issue
Exclusion
Login/Logout CSRF
DDoS
Social engineering on customers or employees of Algolia
Self-XSS (we require evidence on how the XSS can be used to attack another Algolia user)
Miss of rate limits
Report from automated tools and scans
Vulnerabilities sending spam or unauthorised messages
Bugs in 3rd party software
X-Frame-Options related
Customer's sites
Relating to HSTS
DNSSEC
Missing security headers which do not lead directly to a vulnerability
Physical attack on the infrastructure
Theoretical attacks
Breaking of SSL/TLS trust
Compromising of browser/device (ex. computer sharing, physical access to a user's device, ...)
Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
Password and account recovery policies, such as reset link expiration or password complexity
Vulnerabilities without solution on our side (HEIST, ...)
Outdated DNS record pointing to system which does not belong to Algolia
Any DNS record outdated for less than 48 hours
Broken links
« Last Edit: April 19, 2023, 06:37:22 pm by Angelina »
Logged
Pages: [1]
« previous next »