45466 policies in database
Link to program      
2018-01-15
2019-03-27
Showmax logo
Thank
Gift
HOF
Reward

Reward

100 $ 

Showmax

No technology is perfect, and Showmax believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Please refer to Bug Bounty Policy & Scope Page to get understanding of what is in scope and what is not.

You can sign up for a free Showmax account at https://secure.showmax.com/v134.0/website/signup.

Thank you for helping to keep Showmax and our users safe!

Bounty rewards


All confirmed vulnerabilities will be considered, assessed, and if valid then awarded a bounty based on the final severity. We distinguish between two types of valid reports:

  • Reports for the main scope of our program

  • Showmax blog - https://stories.showmax.com (a Wordpress site hosted on managed Wordpress hosting where we have limited influence on the server security)

Some out of scope reports may also be awarded bounty if we consider them impactful. We are especially interested in Authentication related, Authorization related, SQL injection and Cross Site Scripting basis and Remote Code Execution vulnerabilities. If eligible, the reward will be decided on a case by case basis.

In Scope

Scope Type Scope Name
android_application

showmax.app

ios_application

1014875256

other

Showmax tvOS Application for AppleTV

other

NLB (Network Load Balancer) for Showmax forwarding to HAproxies

other

NLB (Network Load Balancer) forwarding to NGINX Ingress Controller (Kubernetes), requiring SSO/Vouch Proxy to login

web_application

https://www.showmax.com

web_application

https://secure.showmax.com

web_application

https://api.showmax.com

web_application

https://stories.showmax.com

web_application

vpn.*.platfoo.com

web_application

bastion.*.platfoo.com

Out of Scope

Scope Type Scope Name
other

3rd party services

web_application

https://chat.showmax.com


This program have been found on Hackerone on 2018-01-15.

FireBounty © 2015-2024

Legal notices | Privacy policy