2021-09-01

Digitaal Vlaanderen

"Digitaal Vlaanderen" is the IT and digital transformation department within Flanders’ governmental IT. Positioned as the digital gateway and data broker between all Flemish government entities, we want to be at the top of our game. Our security ought to be too. For this program we are focusing in the first instance on some of our main assets.

We are happy to announce our first bug bounty program! We've done our best to clean up most of our known issues and would now like to request your help to spot the ones we missed! We are specifically looking for:

  • Leaking of personal data
  • Horizontal / vertical privilege escalation
  • SQL injection vulnerabilities
  • Arbitrary file upload (proof of the existence of the uploaded file required)
  • Missing cookie flags
  • Missing security headers
  • Cross-site Request Forgery with low impact
  • HTTP Request smuggling without any proven impact
  • Disclosing API keys without proven impact
  • Subdomain takeover without taking over the subdomain
  • Arbitrary file upload without proof of the existence of the uploaded file
  • Sessions not being invalidated (logout, enabling 2FA, ..)
  • Hyperlink injection/takeovers
  • Cross-domain referer leakage
  • Content injection
  • Username / email enumeration (for internal e-mail accounts)

Automation limit = 1 request / second; please take care not to overload the platform.

This program follows Intigriti's contextual CVSS standard

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent, including PoCs on public YouTube or Vimeo channels.

We appreciate a video PoC in case of complicated vulnerabilities.


In Scope

Scope Type Scope Name
web_application   https://prod.widgets.burgerprofiel.vlaanderen.be/
web_application   www.burgerprofiel.be


FireBounty crawled the program Digitaal Vlaanderen on the platform Intigriti on 2021-09-01.
