20117 policies in database
Link to program      
Sixt logo


With more than 6,900 employees worldwide, SIXT combines global car rental and local share solutions, ride hailing-services as well as car subscriptions in one of the world’s largest mobility platforms. With just one app – the SIXT App – we offer our customers digital access to more than 200,000 vehicles and around 1.5 million connected drivers in approximately 110 countries worldwide. Besides its own range of vehicles, SIXT also integrates services from more than 1,500 mobility partners.We are happy to announce our VDP on Intigriti! We will also start a Private program in the near future and you will have the chance to be invited to that. To be eligible for an invite, you need to find a valid medium or higher vulnerability an in scope asset.

We've done our best to clean most of our known issues and now would like to request your help to spot the ones we missed! We are specifically looking for:

  • leaking of personal data.
  • horizontal / vertical privilege escalation.
  • SQLi.
  • modification of content on the corporate website.
  • access to management systems hosted on *.sixt.com or servers that hosts corporate resources.

Important notes

1. Automation request limit = 5 requests/ second

2. Use of intigriti email is MANDATORY

3. Shared codebase disclaimer Our websites share the same codebase accross countries so they can contain common issues. If a specific issue has already been found in another country website it will be treated as a duplicate. Focus on the country domains listed In Scope.

4. Quality requirements Please make sure your report follows our quality standards as mentioned in the FAQ section In case reports are not written according to the standards, they may not be eligible for a Swag or Reward.

5. Remember: Quality over Quantity

Swag and Rewards

All researchers who submit a valid Medium or higher submission, will also receive an invitation to the private BB program which we'll be launching soon!

We are giving vouchers to the Intigriti swag store as rewards. Please find an overview per severity below!

  • Medium: 25€ swag voucher
  • High: 50€ swag voucher
  • Critical: Car rental voucher for a week-end OR 100€ swag voucher
  • Exceptional: Car rental voucher for a week OR 150€ swag voucher

See Rules of engagament for the conditions under which a car rental voucher is possible

If you have additional questions about our program feel free to contact us through Intigriti's support. Lastly, if you believe a vulnerability has impact, we want to know about it! Remember to provide a clear impact indication.

This program follows Intigriti's contextual CVSS standard

By participating in this program, you agree to: * Respect the Community Code of Conduct (link to https://go.intigriti.com/coc) * Respect the Terms and Conditions (link to https://go.intigriti.com/tac) * Respect the scope of the program * Not discuss or disclose vulnerability information without prior written consent (including PoC's on YouTube and Vimeo)

Eligibility to Participate To be eligible to participate in our program, you have to: * Be at least 18 years of age if you test using a Sixt Account or register for an account. * Not be employed by Sixt or any of its affiliates or an immediate family member of a person employed by Sixt or any of its affiliates. * Not be a resident of, or make submissions from, a country against which Germany has issued export sanctions or other trade restrictions. * Not be in violation of any national, state, or local law or regulation with respect to any activities directly or indirectly related to the Vulnerability Disclosure Program. * Not be using duplicate Intigriti accounts. If (i) you do not meet the eligibility requirements above (ii) you breach any of these Program Terms or any other agreements you have with Sixt SE or its affiliates (iii) we determine that your participation in the Intigriti Program could adversely impact us, our affiliates or any of our users, employees or agents, then we may remove you from the Intigriti Program and disqualify you from receiving any benefit of the relevant Intigriti Programs.

Special Sixt rewards: * Car rental voucher or other Sixt specific rewards will only be available in specific countries and to researchers over 18 years of age. The countries where car rental voucher are applicable: Germany, Switzerland, Austria, Italy, Spain, Netherlands, Belgium, Luxemburg, France, UK, US

In Scope

Scope Type Scope Name



leaking of personal data.


horizontal / vertical privilege escalation.




Medium: 25€ swag voucher


High: 50€ swag voucher


Critical: Car rental voucher for a week-end OR 100€ swag voucher


Exceptional: Car rental voucher for a week OR 150€ swag voucher






Any related sixt domain




modification of content on the corporate website.


access to management systems hosted on *.sixt.com or servers that hosts corporate resources.

This program have been found on Intigriti on 2021-08-31.

FireBounty © 2015-2021

Legal notices