5640 policies in database
Link to program      
CFP Time logo

CFP Time


Please note that this program does not offer rewards for bug submissions as CFP Time is just a small personal project.
This disclosure program is limited to assets in the scope found in the next section.


Scope is currently: https://www.cfptime.org

Things To Look For

  • Web application vulnerabilities (Command Injection, SSRF, CSRF, XSS, etc)
  • Security misconfigurations
  • Suggested security improvements
  • Information leakage
  • Multi-byte/binary exploitation
  • Security header configurations
  • Etc...

Automated tools are tolerated for the moment as long as you do not cause network/service disruption for me or third-parties. Testing must not cause issues for other organisations such as hosting providers, network operators or ISPs.

Disclosure Policy

Let me know of any potential vulnerabilities as soon as possible and I will make every effort to resolve the issue quickly.
Share with me the full details of any vulnerability including steps to reproduce if applicable.
Provide me a reasonable amount of time to fix the issue before disclosure to the public or a third-party.
Try to avoid degradation of service, destruction of data or privacy violations.
I will make every effort to abide by HackerOne's disclosure guidelines: https://hackerone.com/disclosure-guidelines


While researching, please do not attempt the following:

  • Denial of service (DoS)
  • Spamming
  • Phishing
  • Spoofing or hijacking
  • Man in the Middle (MiTM) or interception
  • Attacks which require physical presence on the network of a user
  • Domain name hijacking or theft
  • Account hijacking or theft
  • Cybersquatting
  • Social engineering
  • Physical/real-life attacks
  • Anything that could falsely lower the reputation of me or my website
  • Anything that could falsely get me in trouble
  • Attacks on 3rd-party systems that are out of my general control


Thank you shown at: https://hackerone.com/cfptime/thanks
Please note that this program does not provide monetary rewards for bug submissions.
Researchers who submit non-issues, false issues or purely opinion-based issues may not be thanked publicly.

Thank you for helping keep CFP Time safe and happy CFPing!

In Scope

Scope Type Scope Name


This program have been found on Hackerone on 2019-01-04.

FireBounty © 2015-2020

Legal notices