Banner object (1)

Hack and Take the Cash !

800 bounties in database
  Back Link to program      
14/12/2018
TTC | Mobile logo
Thanks
Gift
Hall of Fame
Reward

Reward

250 HKN 

In Scope

Scope Type Scope Name
android_application TTC Connect
android_application TTC Connect APK
ios_application TTC Connect Wallet

TTC | Mobile

TTC Connect, a lightweight wallet designed specifically for TTC, it was used to receive and send TTC safely and easily!

__Scope

In Scope

Target | Type | Severity | Reward
---|---|---|---

TTC Connect Wallet

https://itunes.apple.com/us/app/ttc-connect-wallet/id1436822085?mt=8

| iOS | Critical | Bounty

TTC Connect

https://play.google.com/store/apps/details?id=com.ttc.wallet&hl=en_US

| Android | Critical | Bounty

TTC Connect APK

https://d1u6eqogwsdivn.cloudfront.net/apk/TTC_Connect.apk

| Android | Critical | Bounty

__Rewards

Severity (CVSSv3) | Reward
---|---
Critical | 5000$
High | 2500$
Medium | 750$
Low | 250$

__Focus Area

In-Scope Vulnerabilities


We are interested in next vulnerabilities:

  • Remote code execution and stored XSS
  • Database vulnerability, SQLi
  • Privilege escalation (both vertical and horizontal)
  • Data breach
  • Authentication bypass
  • Obtaining sensitive information
  • IDOR/authorization vulnerabilities resulting in exposure of personal data.
  • Password attacks
  • Access to source code
  • Shell inclusion
  • Server Side Request Forgery (SSRF)
  • Remote code execution: e.g. through a maliciously-crafted web-site or an email
  • Local privilege escalation: e.g. situations when App allows a non-privileged user
  • Other application to gain Administrator or System rights

!Note: Current version of application operates over HTTP.

__Program Rules

  • Avoid compromising any personal data, interruption or degradation of any service .
  • Don’t access or modify other user data, localize all tests to your accounts.
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
  • In case you find chain vulnerabilities we pay only for vulnerability with the highest severity.
  • Only the first valid bug is eligible for reward.
  • Don’t disclose publicly any vulnerability until you are granted permission to do so.

  • Don’t break any law and stay in the defined scope.

  • The existence or any details of this private program must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company.
  • Comply with the rules of the program.
  • The rewards will be paid out in HKN based on the current price.

FireBounty © 2015-2019

Legal notices