Zaim
2019-04-15
2019-08-06
Reward: 1000 ¥
Rules

Only test for vulnerabilities in the web applications stipulated in the Scope section. Vulnerabilities reported in out-of-scope web applications are not eligible for bounty rewards.

This is a production environment. Please note the following:

  • Do not create more accounts than necessary to perform your tests, and delete your accounts as soon as you have finished testing.

  • Repetitive processing with automated tools is prohibited.

To be eligible for a bounty reward under this program you must follow the rules stipulated above.

Any vulnerability testing against out-of-scope domains is explicitly prohibited.

Any violation of the Terms of Service of "BugBounty.jp", and any DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service, is also explicitly prohibited.

Scope

Web application
  Name: Zaim
  URL: https://zaim.net/
  Domains: zaim.net, auth.zaim.net, content.zaim.net

Web application
  Name: Zaim (Corporate website)
  URL: https://zaim.co.jp
  Domain: zaim.co.jp

Eligible For Bounty

  • Authentication: up to 50,000 yen
  • Command Injection: up to 50,000 yen
  • Remote Code Execution: up to 50,000 yen
  • SQL Injection: up to 50,000 yen
  • Cross-Site Scripting: up to 20,000 yen
  • Privilege Escalation: up to 11,000 yen
  • Forced Browsing: up to 11,000 yen
  • Cross-Site Request Forgery (CSRF): up to 9,000 yen
  • Information Disclosure: up to 5,000 yen
  • Open Redirect: up to 5,000 yen

Not Eligible For Bounty

  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without working proof-of-concept code
  • Vulnerabilities whose impact is a Denial of Service attack
  • Vulnerabilities that rely on brute-forcing passwords or tokens
  • Password, email and account policies, such as email verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
  • Missing security headers
  • Vulnerabilities found in out-of-scope domains
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of the autocomplete attribute on web forms
  • Missing Secure flag on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Username/email enumeration
  • Descriptive error messages (e.g. stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF, DMARC and DKIM records
  • Invalid HTTP methods being accepted

Notes

For eligibility details, please refer to the "Terms of Service Article 4" of this site.

In Scope

Scope Type        Scope Name
web_application   https://zaim.net/
web_application   zaim.net
web_application   auth.zaim.net
web_application   content.zaim.net


This program can reward you in YEN, up to 50000 ¥.

FireBounty © 2015-2024