Boozt Fashion invites you to test and help secure our primary publicly facing assets - focusing on our web and mobile applications. We appreciate your efforts and hard work in making the internet (and Boozt Fashion) more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
For the initial prioritization/rating of findings, this program will use theBugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Last updated 13 Feb 2020 00:33:23 UTC
Technical severity | Reward range
p1 Critical | $2,500 - $3,000
p2 Severe | $2,000 - $2,500
p3 Moderate | $500 - $750
p4 Low | $125 - $300
P5 submissions do not receive any rewards for this program.
Target name | Type
*.boozt.com | Website
*.booztlet.com | Website
Boozt iOS App | iOS
Boozt Android App | Android
Boozt uses a few third-party providers and services that we cannot authorize security testing against and as such these would be considered as Out of Scope.
Testing is only authorized on the targets listed as In-Scope. Any domain/property of Boozt Fashion not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to firstname.lastname@example.org before submitting.
Please test using your own @bugcrowdninja.com account for sign up.
For checkout and purchase related testing: You can use your own credit/debit card for checkout and once completed cancel your test order.
are already on the roadmap to being fixed (out of scope):**
adding/remove cart items, favorites, recent items, etc, and login/logout CSRF issues (We are reviewing this internally and addressing all known cases. Any submission of these will be marked as Not Applicable).**
When conducting vulnerability research according to this policy, we consider this research to be:
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via email@example.com before going any further.
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
|Scope Type||Scope Name|
Boozt Android App
Boozt iOS App
This program have been found on Bugcrowd on 2019-12-13.