12/11/2018
Thanks
Gift
Hall of Fame
Reward

Reward

100 $ 

In Scope

Scope Type           Scope Name
android_application  com.fanduel.android
ios_application      599664106
web_application      *.fanduel.com
web_application      fdbox.net
web_application      fanduel.design

Out of Scope

Scope Type       Scope Name
web_application  support.fanduel.com
web_application  fanduel.zendesk.com
web_application  myaccount.fanduel.com
web_application  myaccountmobile.fanduel.com
web_application  sportsbook.fanduel.com
web_application  partners.fanduel.com
web_application  newsroom.fanduel.com

FanDuel

At FanDuel, our talented team of engineers and security specialists work non-stop to make our code as secure as possible. However, software without a single vulnerability simply does not exist in the real world. As our products evolve and technology advances, new vulnerabilities are bound to arise. Our Vulnerability Disclosure policy and partnership with HackerOne help us stay ahead of any potential problems. If you believe you've found a security issue in our product or service, we encourage you to notify us. Good luck and happy hunting!

UPDATES

05-April-19 - We have increased our bounty reward payments, with some severities being increased by as much as 50%

Hall of Fame

We believe our researchers should be acknowledged for their work. In addition to the bounty, we have a FanDuel Security Hall of Fame, where researchers who have been awarded bounties are added to the Hall of Fame. The Hall of Fame can be found here.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

While researching, we'd ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of FanDuel staff or contractors
  • Any physical attempts against FanDuel property

Mobile applications can be downloaded at:

Out of Scope

  • No findings relating to a lack of rate limiting (login, email triggering, or otherwise) will be accepted for this program
  • Missing headers
  • SPF records
  • sportsbook.fanduel.com
  • myaccount.fanduel.com
  • myaccountmobile.fanduel.com
  • newsroom.fanduel.com
  • partners.fanduel.com
  • fanduel.zendesk.com
  • support.fanduel.com

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep FanDuel and our users safe!

FireBounty © 2015-2019