The family and seasonal store has a spacious and diverse offer: from (outside) toys, multimedia and gifts about school supplies and sports accessories to children's bedrooms and decorative material. Dreamland inspires children from 0 to 14 year and their parents, family and friends and encourages them to play together.
To make it even easier for online customers Dreamland integrated in the fall of 2016 it's new webshop in his website. That makes online shopping even easier, improves online search results and provides more visitors on the site.IMPORTANT: The websites Beenhouwerij, Dreamland, Dreambaby and Collishop partially share the same codebase. They can contain common issues. If a specific issue has already been found in another one of these websites it will be treated as a duplicate for this one.
We're interested to hear about any issue that potentially compromises our company or its user's security. Before submitting a vulnerability, make sure to check that it's not listed in our out of scope policy (which you can find below). If you have additional questions about our program feel free to contact us through intigriti's support by using the button on the right-hand side (Ask scope question).
All our rewards are impact based, therefore we kindly ask you to carefully evaluate a vulnerability's impact when picking a severity rating. To give you an idea of what kind of bugs belong in a certain severity rating we've put some examples below. Note that depending on the impact a bug can sometimes be given a higher/lower severity rating.
Exceptional (€ 5.000)
Critical (€ 2.500)
High (€ 1.500)
Medium (€ 500)
The following specific applications are in scope:
All subdomains are out of scope, except those mentioned explicitly above.
Guidelines * Provide detailed but to-the point reproduction steps * Include a clear attack scenario, a step by step guide in the PoC is highly appreciated * Abide with the "Colruyt Policy for investigation of security problems" set of rules. * Please do NOT discuss bugs before they are fixed (including PoC's on youtube and vimeo)