Banner object (1)

Hack and Take the Cash !

800 bounties in database
  Back Link to program      
04/01/2019
CFP Time logo
Thanks
Gift
Hall of Fame
Reward

In Scope

Scope Type Scope Name
web_application www.cfptime.org

CFP Time

Policy

Please note that this program does not offer rewards for bug submissions as CFP Time is just a small personal project.
This disclosure program is limited to assets in the scope found in the next section.

Scope

Scope is currently: https://www.cfptime.org __

Things To Look For

  • Web application vulnerabilities (Command Injection, SSRF, CSRF, XSS, etc)
  • Security misconfigurations
  • Suggested security improvements
  • Information leakage
  • Multi-byte/binary exploitation
  • Security header configurations
  • Etc...

Automated tools are tolerated for the moment as long as you do not cause network/service disruption for me or third-parties. Testing must not cause issues for other organisations such as hosting providers, network operators or ISPs.

Disclosure Policy

Let me know of any potential vulnerabilities as soon as possible and I will make every effort to resolve the issue quickly.
Share with me the full details of any vulnerability including steps to reproduce if applicable.
Provide me a reasonable amount of time to fix the issue before disclosure to the public or a third-party.
Try to avoid degradation of service, destruction of data or privacy violations.
I will make every effort to abide by HackerOne's disclosure guidelines: https://hackerone.com/disclosure-guidelines

Exclusions

While researching, please do not attempt the following:

  • Denial of service (DoS)
  • Spamming
  • Phishing
  • Spoofing or hijacking
  • Man in the Middle (MiTM) or interception
  • Attacks which require physical presence on the network of a user
  • Domain name hijacking or theft
  • Account hijacking or theft
  • Cybersquatting
  • Social engineering
  • Physical/real-life attacks
  • Anything that could falsely lower the reputation of me or my website
  • Anything that could falsely get me in trouble
  • Attacks on 3rd-party systems that are out of my general control

Rewards

Thank you shown at: https://hackerone.com/cfptime/thanks
Please note that this program does not provide monetary rewards for bug submissions.
Researchers who submit non-issues, false issues or purely opinion-based issues may not be thanked publicly.

Thank you for helping keep CFP Time safe and happy CFPing!

FireBounty © 2015-2019

Legal notices