Banner object (1)

Hack and Take the Cash !

844 bounties in database
  Back Link to program      
04/11/2015
Algolia logo
Thanks
Gift
Hall of Fame
Reward

Reward

100 $ 

Algolia

Algolia is committed to working with security experts across the globe to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we'd welcome working with you. Please let us know about it and we'll make every effort to quickly correct the issue.

DO NOT use automated scanning tools

Scope

  • Website related endpoints on www.algolia.com __
  • API related endpoints on .algolia.net or .algolianet.com

Bounty

Minimum reward is $100 for security vulnerabilities. The reward depends on the vulnerability severity and will be paid via HackerOne only. Every researcher with accepted vulnerability will be mentioned on http://hackerone.com/algolia/thanks __
Issues without security impact are not eligible for a bounty, yet still welcomed and will be treated like any other report.

Eligibility

  • You must be the first reporter of the vulnerability.
  • You follow https://hackerone.com/disclosure-guidelines
  • You do not access data of other users and solely use your created accounts.
  • You may not publicly disclose the vulnerability prior to our resolution.
  • You are not an individual on, or residing in any country on, any U.S. sanctions lists.
  • You provide a working proof of concept that exploits the security issue

Exclusion

  • Login/Logout CSRF
  • DDoS
  • Social engineering on customers or employees of Algolia
  • Self-XSS (we require evidence on how the XSS can be used to attack another Algolia user)
  • Miss of rate limits
  • Report from automated tools and scans
  • Vulnerabilities sending spam or unauthorised messages
  • Bugs in 3rd party software
  • X-Frame-Options related
  • Customer's sites
  • Relating to HSTS
  • DNSSEC
  • Missing security headers which do not lead directly to a vulnerability
  • Physical attack on the infrastructure
  • Theoretical attacks
  • Breaking of SSL/TLS trust
  • Compromising of browser/device (ex. computer sharing, physical access to a user's device, ...)
  • Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
  • Password and account recovery policies, such as reset link expiration or password complexity
  • Vulnerabilities without solution on our side (HEIST, ...)
  • Outdated DNS record pointing to system which does not belong to Algolia

In Scope

Scope Type Scope Name
web_application

*.algolianet.com

web_application

*.algolia.net

web_application

www.algolia.com


This program leverage 3 scopes, in 1 scopes categories.

FireBounty © 2015-2019

Legal notices