Banner object (1)

Hack and Take the Cash !

745 bounties in database
19/10/2018
Mailgun logo

Reward

100 $ 

Mailgun

Mailgun empowers developers by allowing them to easily integrate email into their applications. With our powerful API, users can build apps that send, receive, and track emails in real time using a combination of standard protocols. We work hard to keep Mailgun high performing and secure for our user community. Help us make our products even better and earn rewards by reporting potential vulnerabilities.


Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use theBugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Please note that all leaked API keys found on Github are specifically excluded from the program.

Reward Range

Last updated 2 Oct 2018 19:14:22 UTC

Technical severity | Reward range
---|---
p1 Critical | $1,000 - $1,500
p2 Severe | $600 - $1,000
p3 Moderate | $200 - $600
p4 Low | $100 - $200

P5 submissions do not receive any rewards for this program.

Targets

In scope

Target name | Type
---|---
<https://app.mailgun.com> | Website
<https://signup.mailgun.com> | Website
<https://api.mailgun.net> | API

Out of scope

Target name | Type
---|---
<https://www.mailgun.com/> | Website
<https://documentation.mailgun.com> | Website

Any domain/property of Mailgun not listed in the targets section is out of scope. This includes any/all subdomains not listed above.

Access

For testing purposes, you're free to create your own accounts to do so, please sign up at https://signup.mailgun.com/new/signup with your @bugcrowdninja.com ('username'@bugcrowdninja.com) email address (for more information regarding your @bugcrowdninja email, please see this doc: https://researcherdocs.bugcrowd.com/docs/your-bugcrowdninja-email-address).

Focus Areas

Exclusions

  • Privilege escalations based our user roles
  • Findings related to Third-Party Services used by Mailgun

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2019