Hall of Fame


100 $ 


DarkMatter Group is a leading Emirati technology company, focusing significantly on advanced technologies that enable smart and safe digital, including blockchain and cryptography. Since its establishment in 2015, we have developed a portfolio of solutions aimed at enhancing and securing critical infrastructure within the key sectors that underpin society: defense, intelligence, civil government, financial services, transportation, energy, and telecommunications.


For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.

Please be aware that injection-type issues that are present on the same form/functionality, but on slightly different parameters, will be treated as single issues. For instance, if every parameter on /foo is vulnerable to XSS, only the first submission here will be rewarded, and all subsequent findings against this form will be considered duplicates.

NOTE: for any P1/2 type issues, please include a video PoC with your initial report, as that will help us validate in a more expedient fashion. Thanks!

Reward Range

Last updated 8 Mar 2019 17:24:16 UTC

Technical severity | Reward range
---|---
P1 Critical | $2,400 - $2,400
P2 Severe | $1,600 - $1,600
P3 Moderate | $600 - $600
P4 Low | $100 - $100

P5 submissions do not receive any rewards for this program.


In scope

Target name | Type
---|---
 | Website
 | Website
 | Website

Any domain/property of DarkMatter not listed in the targets section is out of scope. This includes any/all subdomains not listed above.

Target Information:

  • The targets for this program are the production:,, and webapps.
    • Note that this is built on the Umbraco CMS; some particular points of interest include trying to access authenticated content via the API, etc.
  • When testing, please ensure you limit your testing to only non-invasive injections (e.g. when doing command execution, limit yourself to running an ls or id command; for SQL injection, limit to only SELECT queries (no INSERT, DELETE, etc.)). Proving the point is sufficient without having to go 10 layers deep.


Testing for this target will be External Only. No credentials will be provided for this assessment.

Out of Scope:

  • Any type of DoS - whether network or app level

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
