2018-12-12
2020-04-07

Reward

100 € 

Bug Bounty Program - BlaBlaCar

About the company

BlaBlaCar is the world's leading community-based travel network enabling over 26 million active members per year to share a ride across 21 countries.

Our technology fills empty seats on the road, connecting members looking to carpool or to travel by bus, making travel more affordable, sociable, and convenient.

Reporting & Disclosure Policy

BlaBlaCar believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our products or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Please avoid DDoSing us or causing a service disruption while testing our platform, and take care not to endanger the privacy of our members.
  • Do not try to over-exploit the bug or access internal data to look for further vulnerabilities. We will determine the severity and reward accordingly.
  • If you find the same vulnerability several times, please create only one report and use comments if needed. You'll be rewarded according to your findings.

Scopes of the program

In general, the BlaBlaCar and BlaBlaCar Daily websites and apps are part of this bug bounty. Please refer to the detailed scope list if you are in doubt.

However, though listed in the out-of-scope list, if you really feel that a bug will leave an impact on our platform, please come up with a convincing and working POC. If that convinces us to change our code, we will reward you with a bounty.

In Scope

Scope Type            Scope Name
android_application   https://play.google.com/store/apps/details?id=com.comuto&hl=en
android_application   https://play.google.com/store/apps/details?id=com.blablalines
api                   https://edge.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
api                   https://auth.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
api                   https://api.blablalines.com
ios_application       https://itunes.apple.com/fr/app/blablacar-trusted-carpooling/id341329033?l=en&mt=8
ios_application       https://apps.apple.com/fr/app/blablalines-covoiturage/id1225543288
web_application       https://www.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
web_application       https://m.blablacar.(fr|de|co.uk|in|es|mx|be|hr|hu|it|nl|pl|br|pt|ro|ru|com|tr|com.ua)
web_application       https://daily.blablacar.fr
web_application       https://blablacardaily.com

Out of Scope

Scope Type Scope Name
web_application       Please note that https://dev.blablacar.com is hosted by a third party and thus is out of scope.
web_application       Any website that is not listed explicitly in the scope.


This program features scope types such as api, android_application, ios_application, and web_application.

FireBounty © 2015-2024
