Banner object (1)

Hack and Take the Cash !

790 bounties in database
  Back Link to program      
11/04/2018
Simeji logo
Thanks
Gift
Hall of Fame
Reward

Reward

10000 ¥ 

In Scope

Scope Type Scope Name
android_application https://itunes.apple.com/jp/app/id899997582?mt=8
android_application https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
android_application https://itunes.apple.com/jp/app/id959791915?mt=8
android_application https://itunes.apple.com/jp/app/id899997582?mt=8
android_application https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
android_application https://itunes.apple.com/jp/app/id959791915?mt=8
web_application itunes.apple.com
web_application play.google.com
web_application itunes.apple.com

Out of Scope

Scope Type Scope Name
undefined 1 Test against server that connect application are explicitly excluded from this program.
undefined 2 Desktop version of the Simeji for Windows(β)are out-of-scope.

Simeji

Rules

Only test for vulnerabilities on application stipulated in scope section. Any vulnerabilities reported on applications out-of-scope are not eligible for bounty rewards. Any vulnerability test against domains out-of-scope are explicitly prohibited.

Any violation of the Terms of Service of the “BugBounty.jp”, and/or performance of DoS (Denial of Service)attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.

The vulnerability scope of this program is limited. Please note that reports of vulnerabilities not listed here are not eligible for bounty rewards. For more details, please refer to the “Bounty Payments”

Scope

 The following applications are in-scope for this program.

Simeji - Japanese Keyboard with Emoticons

Simeji
・iOS
https://itunes.apple.com/jp/app/id899997582?mt=8
・Android
https://play.google.com/store/apps/details?id=com.adamrocker.android.input.simeji
As for the Android, bounty rewards will be eligible from version 10.0.3.

Simeji Pro (Limited to iOS)
https://itunes.apple.com/jp/app/id959791915?mt=8

※1 Test against server that connect application are explicitly excluded from this program.
※2 Desktop version of the Simeji for Windows(β)are out-of-scope.

Eligible For Bounty

 The following vulnerabilities are eligible to receive bounty reward.

1. Hijack smartphone
Hijack: Ability to call or send SMS, email, activate camera, spy camera, or eavesdropping despite the intention of the user.

2. Unauthorized access (Ability to gain access to information without permission.)
: Information submitted when applying for Android / At the privacy setting on iOS
(Ability to gain device information despite what user have granted permission on the Settings>Privacy)
: Ability to gain access to information that user haven’t allowed to be sent on Simeji.

3. Use of “Moplus SDK”
(1) Application contain the source code of “Moplus SDK”
(2) Ability to execute “Moplus SDK” functions (If application are using “Moplus SDK”)

The following guidelines the bounty amount for in-scope vulnerabilities.
〜 ¥300,000 per vulnerability

4. Report of vulnerabilities not listed above may be eligible for the bounty (¥10,000-)

Not Eligible For Bounty

 No special mention

Notes

For eligibility details, please refer to the "Terms of Service Article 4" of this site.

FireBounty © 2015-2019

Legal notices