Banner object (1)

Hack and Take the Cash !

794 bounties in database
  Back Link to program      
12/11/2018
FanDuel logo
Thanks
Gift
Hall of Fame
Reward

Reward

100 $ 

FanDuel

At FanDuel, our talented team of engineers and security specialists work non- stop to make our code as secure as possible. However, software without a single vulnerability simply does not exist in the real world. As our products evolve and technology advances, new vulnerabilities are bound to arise. Our Vulnerability Disclosure policy and partnership with HackerOne help us stay ahead of any potential problems.If you believe you've found a security issue in our product or service, we encourage you to notify us. Good luck and happy hunting!

UPDATES

05-April-19 - We have increased our bounty reward payments, with some severities being increased by as much as 50%

Hall of Fame

We believe our researchers should be acknowledged for their work. In addition to the bounty we have a FanDuel Security Hall of Fame, where researchers who have been awarded bounties are added to the Hall of Fame. The Hall of fame can be found here __

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

While researching, we'd ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of FanDuel staff or contractors
  • Any physical attempts against FanDuel property

Mobile applications can be downloaded at:

Out of Scope

  • No findings relating to a lack of rate limiting (login, email triggering, or otherwise) will be accepted for this program
  • Missing headers
  • SPF records
  • Mixed content
  • fanduel.zendesk.com

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep FanDuel and our users safe!

In Scope

Scope Type Scope Name
ios_application

599664106

web_application

*.fanduel.com

web_application

fdbox.net

web_application

fanduel.design

web_application

com.fanduel.android.self

Out of Scope

Scope Type Scope Name
web_application

support.fanduel.com

web_application

fanduel.zendesk.com

web_application

myaccount.fanduel.com

web_application

myaccountmobile.fanduel.com

web_application

sportsbook.fanduel.com

web_application

partners.fanduel.com

web_application

newsroom.fanduel.com


This program leverage 12 scopes, in 2 scopes categories.

FireBounty © 2015-2020

Legal notices