17/12/2016

Reward

100 $ 

Discourse

We take security very seriously at Discourse. We welcome any peer review of our 100% open source code to ensure nobody's Discourse forum is ever compromised or hacked.

⚠️ Only test and report against https://try.discourse.org -- reports against any other URL will be closed as "Not Applicable." You have been warned.

Triage

  • We are not interested in social engineering reports
  • We are not interested in version disclosure reports
  • We are not interested in HTTP sniffing or HTTP tampering exploits; our sandbox is HTTPS, and you can assume all live Discourse instances will be HTTPS.
  • We will triage into:
    • Medium — CSRF / exploit that causes a user to perform an operation they didn't explicitly consent to ($256)
    • High — XSS exploits ($512)
    • Critical — exploit resulting in privilege escalation to admin, or downloading the site database ($1024+)
  • We will publicly acknowledge any report that results in a security commit to https://github.com/discourse/discourse or official Discourse plugins
  • For an issue to be marked Medium, High or Critical, it must result in a commit to a Discourse-owned repository that repairs said issue.

Disclosure Policy

  • Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Discourse staff or contractors
  • Any physical attempts against Discourse property or data centers

Thank you for helping keep Discourse and our users safe!


This program, crawled on 2016-12-17, is sorted as bounty.

FireBounty © 2015-2019
