17/09/2018

MemoTrader Vulnerability Disclosure

In MemoTrader, everyone has a price -- the price of delivering a message to the top of the message queue. In the system there are two types of message: public and private. Private messages are direct messages between users. Public messages are messages that can be delivered to targeted groups of people.

Please note that this program is exclusively for issues relating to MemoTrader. For security reports around other Dash assets, please refer to https://bugcrowd.com/dashdigitalcash. Good luck and happy hunting!

Ratings:

This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

This is a kudos-only program - no cash bounties will be paid for bug and vulnerability reports.

This program only awards points for submissions.

Targets

In scope

Target name | Type
---|---
<https://d-msg.com/> | Website

We would like researchers to focus their attention on user authentication. We need to know how an attacker might take over another user's account. We are also interested in ways that the system can be gamed.

New users go through three phases that have escalating privileges:

  1. Guest user
  2. Registered user
  3. Confirmed user

We are particularly interested in ways that an attacker might escalate their privileges in an unauthorized manner.

Access:

Researchers are welcome to create accounts on the live site at https://memotrader.com for testing purposes.

To create a test account, use an email address beginning with "test2" like test2xx@anydomain.com. This will be tagged as a test account and will be deleted automatically after a period of time.

If a researcher would like to conduct tests with deposited funds, contact the MemoTrader support team and we will make arrangements.

  • https://memotrader.com/jimbursch

Focus Areas:

  • User authentication

Out-of-Scope:

  • Only issues at the memotrader.com domain are within the scope of this program.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.


FireBounty (c) 2015-2018