14/12/2018
250 HKN 

TTC | Mobile

TTC Connect is a lightweight wallet designed specifically for TTC, used to receive and send TTC safely and easily!

Scope

In Scope

Target | Type | Severity | Reward
---|---|---|---
TTC Connect Wallet https://itunes.apple.com/us/app/ttc-connect-wallet/id1436822085?mt=8 | iOS | Critical | Bounty
TTC Connect https://play.google.com/store/apps/details?id=com.ttc.wallet&hl=en_us | Android | Critical | Bounty
TTC Connect APK https://d1u6eqogwsdivn.cloudfront.net/apk/TTC_Connect.apk | Android | Critical | Bounty

Rewards

Severity (CVSSv3) | Reward
---|---
Critical | 5000$
High | 2500$
Medium | 750$
Low | 250$

Focus Area

In-Scope Vulnerabilities

We are interested in the following vulnerabilities:

  • Remote code execution and stored XSS
  • Database vulnerability, SQLi
  • Privilege escalation (both vertical and horizontal)
  • Data breach
  • Authentication bypass
  • Obtaining sensitive information
  • IDOR/authorization vulnerabilities resulting in exposure of personal data.
  • Password attacks
  • Access to source code
  • Shell inclusion
  • Server Side Request Forgery (SSRF)
  • Remote code execution: e.g. through a maliciously-crafted web-site or an email
  • Local privilege escalation: e.g. situations when the App allows a non-privileged user or other application to gain Administrator or System rights

Note: The current version of the application operates over HTTP.

Program Rules

  • Avoid compromising any personal data and avoid interruption or degradation of any service.
  • Don’t access or modify other users' data; localize all tests to your own accounts.
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
  • If you find chained vulnerabilities, we pay only for the vulnerability with the highest severity.
  • Only the first valid bug is eligible for reward.
  • Don’t disclose publicly any vulnerability until you are granted permission to do so.
  • Don’t break any law and stay in the defined scope.
  • The existence or any details of this private program must not be communicated to anyone who is not a member of the HackenProof Team or an authorized employee of this Company.
  • Comply with the rules of the program.
  • The rewards will be paid out in HKN based on the current price.
FireBounty (c) 2015-2019