Please note that this program does not offer rewards for bug submissions as JamieWeb is just a small personal project.
This disclosure program is limited to assets in the scope found at the bottom of this page.
- Web application vulnerabilities (Command Injection, SSRF, CSRF, XSS, etc.)
- Security misconfigurations
- Suggested security improvements
- Information leakage
- Multi-byte/binary exploitation
- Tor Hidden Service de-anonymization
- Security header configurations
- Content Security Policy (CSP) bypass
- DNS record configuration (SPF, DKIM, DMARC, CAA, etc.)
- TLS configuration
- Code security audit/review
- Software that is more than 24 hours out of date
- Etc.
Feel free to use automated tools as long as you do not cause network/service disruption for me or third parties.
Testing must not cause issues for other organisations such as hosting providers, network operators or ISPs (e.g. Cloudflare).
Let me know of any potential vulnerabilities as soon as possible and I will make every effort to resolve the issue quickly.
Share with me the full details of any vulnerability including steps to reproduce if applicable.
Provide me a reasonable amount of time to fix the issue before disclosure to the public or a third party.
Try to avoid degradation of service, destruction of data or privacy violations.
I will make every effort to abide by HackerOne's disclosure guidelines: https://hackerone.com/disclosure-guidelines
While researching, please do not attempt the following:
- Denial of service (DoS)
- Spamming
- Phishing
- Spoofing or hijacking
- Man in the Middle (MitM) or interception
- Attacks which require physical presence on the network of a user
- Domain name hijacking or theft
- Account hijacking or theft
- Cybersquatting
- Social engineering
- Physical/real-life attacks
- Anything that could falsely lower the reputation of me or my website
- Anything that could falsely get me in trouble
- Attacks on 3rd-party systems that are out of my general control
Please note that this program does not provide monetary rewards for bug submissions.
Researchers who submit non-issues, false issues or purely opinion-based issues may not be thanked publicly.
Thank you for helping keep JamieWeb safe!

Scope Type | Scope Name |
---|---|
web_application | acme-validation.jamieweb.net |
web_application | ipv6.jamieweb.net |
web_application | ipv4.jamieweb.net |
web_application | jamieweb.net |
web_application | jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion |
web_application | jamiewebgbelqfno.onion |
web_application | nyc01.jamieweb.net |
web_application | ldn01.jamieweb.net |
web_application | www.jamieweb.net |
web_application | https://gitlab.com/jamieweb/results-whitelist |
web_application | https://gitlab.com/jamieweb/jamieweb |
web_application | https://gitlab.com/jamieweb/jw-config |
web_application | https://gitlab.com/jamieweb/web-server-log-anonymizer-bloom-filter |
web_application | https://gitlab.com/jamieweb/dl-integrity-verify |
web_application | 139.162.222.67 |
web_application | 2a01:7e00::f03c:91ff:fec6:27a3 |
web_application | 157.230.83.95 |
web_application | 2604:a880:400:d1::aad:8001 |

Scope Type | Scope Name |
---|---|
other | 3rd Party Email Servers in my MX Records |
web_application | status.jamieweb.net |

FireBounty crawled the program JamieWeb on the platform HackerOne on 2018-04-13.