FireBounty
72449 policies in database
Link to program      
2019-12-19
2020-01-07
MTN Group logo
Thank
Gift
HOF
Reward

MTN Group

At MTN, we are committed to keeping our systems, network and product(s) secure. Despite the measures we take, the presence of vulnerabilities will always be possible. When such vulnerabilities are found, we’d like to learn of them as soon as possible, allowing us to take swift action to improve our security.

MTN’s approach to Responsible Disclosure is as follows, you are allowed to search for vulnerabilities, as long as you don’t:

• Execute or attempt to execute a Denial of Service (DoS)

• Make changes to a system

• Install malware of any kind

• Social engineer our personnel or customers (including phishing)

• Scan or run tests in a manner that would degrade the operation of the service or negatively affect our customers in any way

• Physically attack or damage MTN property, offices or data centres or attempt to do so

• Run tests on third party applications, websites or services that integrate with or link to MTN

• Scan or attack any cloud hosted infrastructures such as Azure or Amazon Web Services or attempt to do so

• Make use of any kind of automated scanning software.

Breaching the above restrictions may result in MTN launching an investigation and/or taking legal action to the greatest extent of MTN’s legal obligation and rights or that of our partners and customers.

What we ask of you:

• Do not abuse or exploit discovered vulnerabilities in any way for any purpose

• Do not share discovered vulnerabilities with any entities or persons other than MTN and its employees until after MTN has confirmed the vulnerability has been resolved

• Provide us with adequate information to enable us to investigate the vulnerability properly. (To be able to investigate properly, we will need to be able to efficiently reproduce your steps.)

• Provide us with information required to contact you (at least telephone number or email address).

What we promise:

• We will respond to your report within 5 business days of receipt, with our evaluation of the report and an expected resolution date

• We will keep you regularly informed of our progress toward resolving the vulnerability

• Any report submitted in relation to this Responsible Disclosure approach will be handled with great care with regards to the privacy of the reporter. We will not share your personal information with third parties without your permission, unless we are legally required to do so

• If you have followed the above instructions, we will not take any legal action against you regarding the report

Rewards and attribution:

• MTN does not compensate individuals or organisations for identifying potential or confirmed vulnerabilities.

• If you agree, we‘ll publicly attribute the finding to your name in our Hall of Fame

• Please do not ask for a reward before sharing the vulnerability, as we need to evaluate your report before responding

• If you report a vulnerability that is unknown to us, and if you are not from a country where we are prohibited by law from making payments (e.g. due to sanctions), we may decide to offer you a reward based upon our assessment of the criticality of the vulnerability

• If you agree, we‘ll publicly attribute the finding to your name in our Hall of Fame

Acquisitions:

For all our acquisitions, in order to give our development and security teams time for internal review and remediation, we will introduce a six-month blackout period. Bugs reported in that period will not qualify for a reward

Out of scope vulnerabilities:

• Vulnerabilities affecting users of outdated or unsupported browsers or platforms

• Issues that require unlikely user interaction

• Clickjacking/UI Redressing

• Reflected file download

• Verbose error pages (without proof of exploitability)

• SSL/TLS Best Practices

• Incomplete/Missing SPF/DKIM

• Fingerprinting / banner disclosure on common/public services

• Disclosure of known public files or directories, (e.g. robots.txt)

• Content spoofing (text injection)

• Tabnabbing

• OPTIONS HTTP method enabled

• Recently disclosed 0-day vulnerabilities

• Presence of autocomplete attribute on web forms

• Use of a known-vulnerable library (without proof of exploitability)

In Scope

Scope Type Scope Name
web_application

mtnplay.co.zm
web_application

mtnselfcare.co.zm
web_application

Mtnzakhele.co.za
web_application

Mtnplay.co.za
web_application

Mtnblog.co.za
web_application

Mtnbusiness.com.ng
web_application

Mtnbusiness.com
web_application

Mtnzambia.co.zm
web_application

Mtn.co.ug
web_application

Mtn.co.sz
web_application

Mtn.sd
web_application

Mtn.co.rw
web_application

Mtnonline.com
web_application

Lonestarcell.com
web_application

Irancell.ir
web_application

Areeba.com.gn
web_application

Mtn.com.gh
web_application

Mtn.ci
web_application

Mtncongo.net
web_application

Mtncameroon.net
web_application

Mtn.cm
web_application

Mtn.bj
web_application

Mtn.com.af
web_application

Mtn.co.za
web_application

mtn.com
web_application

mtngbissau.com
web_application

www.mtn.zm
web_application

mtnloaded.co.za
web_application

mtn-sa.com
web_application

yellomtn.com
web_application

mtn-ssd.com
web_application

mtngroup.com
web_application

mtnonlineservices.com
web_application

mascom.co.bw
web_application

upk.mtn.com
web_application

ebs.mtn.com
web_application

wc.mtn.com
web_application

ofr.mtn.com
web_application

oddc.mtn.com
web_application

grc-aacg.mtn.com
web_application

oam.mtn.com
web_application

grc-ccg.mtn.com
web_application

ascp.mtn.com
web_application

soa.mtn.com
web_application

mtnglobalconnect.com
web_application

mtnrewards.com
web_application

mtncareersonline.com
web_application

mtnbusiness.net
web_application

int.mtnbusiness.net
web_application

mtn-ic.com
web_application

mtngame.net
web_application

www.mtnbanking.com
web_application

mtnspptylimited.net
web_application

mtnholdings.org
web_application

mtnholdingsptylimited.biz
web_application

mtnchampionship.com
web_application

mtnplayonline.com
web_application

mtnptylimited.com
web_application

mtn-weca.com
web_application

mtnsecure.com
web_application

mtnns.net
web_application

mtn.mobi
web_application

mtn-investor.com
web_application

mtnbusiness.com
web_application

move2mtn.com
web_application

mtnhostedservices.com
web_application

mtnhostedservices.net
web_application

mtnonlineservices.net
web_application

mtnhostedservices.mobi
web_application

mtnonlineservices.mobi
web_application

mtnlibmusic.com
web_application

www.mtn.com
web_application

mtngb.com
web_application

mtn.wiki
web_application

usermtn.com
web_application

mtninternet.com
web_application

mtnmobiletv.com
web_application

mtnniger.com
web_application

mtnuktopup.com
web_application

mtnonlinepromo.com
web_application

mtnmoney.com
web_application

mtnpromocard.com
web_application

mtnfinancialservices.com
web_application

mtnzakhele.tel
web_application

mtntopup.com
web_application

mtnmmo.com
web_application

mtnholdings.com
web_application

mtnbirthdays.com
web_application

mtnupgrade.mobi
web_application

mtnselfserviceonline.com
web_application

mtnconnect.com
web_application

mtndownloads.com
web_application

mtnfrontrow.com
web_application

promobymtn.com
web_application

mtnbusiness.tel
web_application

mtnmobilemoney.us
web_application

mtnappstore.com
web_application

mtnmail.org
web_application

mtnanytimetopup.com
web_application

mtnsms.net
web_application

mtn-global.com
web_application

mtnpromobonus.com
web_application

mtnrates.com
web_application

mtnprojectfamewestafrica.com
web_application

mtncsms.com
web_application

mtnzakhele.net
web_application

mtnusatopup.com
web_application

mtni.net
web_application

mtninsurance.com
web_application

mtnmobilemoney.net
web_application

mtnns.com
web_application

mtnvoicemail.com
web_application

mtn.hosting
web_application

mtn.network
web_application

mtnprojectfame.com
web_application

mtnglobaltopup.com
web_application

mtnlite.com
web_application

mtnplay-ssd.com
web_application

mymtnapps.com
web_application

mtnpaid.com
web_application

mtnmusiconline.com
web_application

mtn.tel
web_application

mtnglobalrecharge.com
web_application

mtnpromoloaded.com
web_application

mtnbusiness.mobi
web_application

mtneasy.com
web_application

mtn-global.net
web_application

mtnpays.com
web_application

mtnfinancialsolutions.net
web_application

mtncallertunes.com
web_application

mtnhelloworld.com
web_application

mtnpulse.com
web_application

mtnadvertising.com
web_application

mtnsurprisepromo.com
web_application

mtnmobilemassage.com
web_application

mtnzakhele.com
web_application

mtn.host
web_application

mtnxmasoffer.com
web_application

mtnwebtransfer.com
web_application

mtnpreview.com
web_application

mtnayoba.com
web_application

mtnpins.com
web_application

mtnfreepromo.com
web_application

mtnbanking.com
web_application

mtntelecom.com
web_application

mtninsure.com
web_application

mtn-ns.net
web_application

mtnmail.tel
web_application

mtnyellomail.com
web_application

mtnghonlineservices.mobi
web_application

mtnfastmail.com
web_application

mtn.software
web_application

mtnonlineplay.com
web_application

mtnonlineloaded.com
web_application

mtnmena.com
web_application

mtncompass.mobi
web_application

mtnbussiness.com
web_application

mtnsp.mobi
web_application

mtnnconnectstore.com
web_application

mtn50.com
web_application

mtnpulse.tel
web_application

mtnholdingsptyltd.com
web_application

mtn131.com
web_application

mtnmobilecity.com
web_application

mtn-eschool.com
web_application

mtnmail.mobi
web_application

mtnmobilemoney.com
web_application

mtncloud.com
web_application

mtnmobility.net
web_application

mtnptylimited.net
web_application

mtnfull.com
web_application

mymtn-promo.com
web_application

mtnngprs.com
web_application

mtnrecharge.com
web_application

mtnbonus.com
web_application

mtninternational.net
web_application

mtnapps.net
web_application

mtnholdings.net
web_application

mtnddns.net
web_application

mtnmobileoffice.com
web_application

mtnholdingsptylimited.com
web_application

mtneurotopup.com
web_application

mtnholdingsptylimited.net
web_application

mtnplay.net
web_application

mtnconnectng.net
web_application

mtnholdingsptyltd.net
web_application

mtnatwork.com
web_application

mtnglobalconnect.net
web_application

mtndeveloper.com
web_application

yelloworld.com
web_application

mtnglobaltopup.net
web_application

mtncalls.com
web_application

mtnbanking.net
web_application

mtnhomeland.com
web_application

mtnconectng.net
web_application

mtn.net
web_application

mtnsoccer.com
web_application

yellobroadband.com
web_application

yellotalk.com
web_application

mtnoffer.com
web_application

mtnringtones.com
web_application

mymobilemoneyng.com
web_application

mtnrank.com
web_application

yellomonitoring.ir
web_application

mtnfantasyleague.com
web_application

yellobroadband.net
web_application

yelloafrica.com
web_application

mtnoverseastopup.com
web_application

mtngaming.com
web_application

hotmtnpromo.com
web_application

mtnsp.com
web_application

mtnfinancialsolutions.com
web_application

mtnplayasyougo.mobi
web_application

mtneuropeantopup.com
web_application

mtnepresence.com
web_application

mtnairborn.com
web_application

mtn-universal-topup.com
web_application

mtnonlineoffer.com
web_application

mtnhelloworld.net
web_application

mtnwireless.net
web_application

mtndownload.com
web_application

mtnpromosite.com
web_application

mtnglobalservices.com
web_application

mtnhelloworld.mobi
web_application

areeba.com.gh
web_application

worldcom.co.bw
web_application

equitygroup.africa
web_application

imarikafoundation.org
web_application

tpskenya.co.ke
web_application

krysandchris.co.ke
web_application

ms-df.com
web_application

aimco.co.ke
web_application

vipresecurity.co.bw
web_application

bambonline.co.bw
web_application

bomaid.co.bw
web_application

redire.co.bw
web_application

simbani.co.bw
web_application

bhp.org.bw
web_application

seza.co.bw
web_application

faulucareers.co.ke
web_application

sharehub.co.ke
web_application

equity-group.org
web_application

silobreaks.co.ke
web_application

irancel.ir
web_application

mtnsouthafricatopup.com
web_application

mtnsouthafrica.net
web_application

mtnspotlight.com
web_application

mtnmailsync.com
web_application

mtn.so
web_application

mtnss.com
web_application

mtn.fail
web_application

mtnseasonoffer.com
web_application

mtn.digital
web_application

mtneasy.net
web_application

mtn.global
web_application

mtn.business
web_application

mtn.media
web_application

mtn.wtf
web_application

mtnrechargelink.com
web_application

mtnretail.com
web_application

mtntopup.net
web_application

mtngo.durban
web_application

mtngo.capetown
web_application

mtngo.net
web_application

mtngo.joburg
web_application

mtngo.mtn
web_application

mtngroup.tel
web_application

mtngroupltd.net
web_application

mtngrouplimited.com
web_application

mtngrouplimited.net
web_application

lonestarcell.org
web_application

yellolearn.co.bw
web_application

mtngh.com
web_application

p6analytics.mtn.com
web_application

eppm.mtn.com
web_application

bi-ebs.mtn.com
web_application

epm.mtn.com
web_application

fs-prdfus.mtn.com
web_application

uni.mtn.com
web_application

ecap.mtn.com
web_application

isupplier.mtn.com

Out of Scope

Scope Type Scope Name
web_application

Mtn-bissau.com
web_application

Mtn.com.cy
web_application

https://www.mtn.com/xmlrpc.php
web_application

https://www.mtn.com/investors/sign-up-for-investor-information/
web_application

https://www.mtn.com/contact/become-supplier/
web_application

https://www.mtn.com/wp-login.php
web_application

https://www.mtn.com/wp-json/
web_application

*.mtnfootball.com
web_application

Mtnfootball.com
web_application

Mtn.com.ye
web_application

mtnfootball.com
web_application

novafone.com.lr
web_application

jolie.ir
web_application

achom.ir
web_application

hb56.n1.ips.mtn.co.ug
web_application

h27da.n1.ips.mtn.co.ug
web_application

h2d.n1.ips.mtn.co.ug
web_application

h2d5.n1.ips.mtn.co.ug
web_application

hfa.n4.ips.mtn.co.ug
web_application

h234e.n1.ips.mtn.co.ug
web_application

h19f6.n2.ips.mtn.co.ug
web_application

h6ce.n1.ips.mtn.co.ug
web_application

h6a2.n2.ips.mtn.co.ug
web_application

h6c6.n2.ips.mtn.co.ug
web_application

h82e.n1.ips.mtn.co.ug
web_application

h22eb.n1.ips.mtn.co.ug
web_application

h6ca.n2.ips.mtn.co.ug
web_application

hb92.n1.ips.mtn.co.ug
web_application

h1f7.n1.ips.mtn.co.ug
web_application

he2.n1.ips.mtn.co.ug
web_application

h163e.n2.ips.mtn.co.ug
web_application

h69a.n2.ips.mtn.co.ug
web_application

h696.n2.ips.mtn.co.ug
web_application

h2a36.n1.ips.mtn.co.ug
web_application

h6ba.n2.ips.mtn.co.ug
web_application

h862.n1.ips.mtn.co.ug
web_application

https://h2cf3.n1.ips.mtn.co.ug

This program have been found on Hackerone on 2019-12-19.

FireBounty © 2015-2025

Legal notices | Privacy policy