The family and seasonal store has a spacious and diverse offer: from (outdoor) toys, multimedia and gifts through school supplies and sports accessories to children's bedrooms and decorative material. Dreamland inspires children from 0 to 14 years and their parents, family and friends and encourages them to play together.
To make things even easier for online customers, Dreamland integrated its new webshop into its website in the fall of 2016. That makes online shopping even easier, improves online search results and brings more visitors to the site.

IMPORTANT: The websites Dreamland, Dreambaby and Collishop partially share the same codebase, so they can contain common issues. If a specific issue has already been found in another one of these websites, it will be treated as a duplicate for this one.
We do not accept any kind of brute-forcing attacks on forms.
Only the web application running at the following URL is in scope: https://www.dreamland.be
General
* Best practices concerns
* Highly speculative reports about theoretical damage. Prove it and be concrete.
* DDoS or any kind of Brute Forcing Attacks
* Publicly accessible login panels
* Reports that state that software is out of date/vulnerable without proven exploitable risks
* Vulnerabilities as reported by automated tools without additional analysis as to how they're an issue in the context of our tool
* Physical or social engineering attempts (this includes phishing attacks against employees)
Infrastructure
* Open ports without an accompanying proof-of-concept demonstrating vulnerability
* Recently disclosed 0 day vulnerabilities in commercial products where no patch or a recent patch (< 2 weeks) is available. We need time to patch our systems just like everyone else - please give us 2 weeks before reporting these types of issues.
* Weak SSL configurations and SSL/TLS scan reports (this means output from sites such as SSL Labs)
Exceptional: € 5.000
Critical: € 2.500
High: € 1.500
Medium: € 500
Only the web application running at the following domain is in scope: https://www.dreamland.be
Guidelines
* Provide detailed but to-the-point reproduction steps
* Include a clear attack scenario; a step-by-step guide in the PoC is highly appreciated
* Abide by the "Colruyt Policy for investigation of security problems" set of rules.
* Please do NOT discuss bugs before they are fixed (including PoCs on YouTube and Vimeo)
Contact us if you want more information.