Bug bounty program

TTC | Mobile: Program info

TTC | Mobile

Company: TTC
Ended
Program left 4 years ago

TTC Connect is a lightweight wallet designed specifically for TTC, used to receive and send TTC safely and easily.

In scope

| Target | Type | Severity |
|---|---|---|
| TTC Connect Wallet (https://itunes.apple.com/us/app/ttc-connect-wallet/id1436822085?mt=8) | iOS | Critical |
| TTC Connect (https://play.google.com/store/apps/details?id=com.ttc.wallet&hl=en_US) | Android | Critical |
| TTC Connect APK (https://d1u6eqogwsdivn.cloudfront.net/apk/TTC_Connect.apk) | Android | Critical |

Focus Area

In-Scope Vulnerabilities


We are interested in the following vulnerabilities:

  • Remote code execution and stored XSS
  • Database vulnerability, SQLi
  • Privilege escalation (both vertical and horizontal)
  • Data breach
  • Authentication bypass
  • Obtaining sensitive information
  • IDOR/authorization vulnerabilities resulting in exposure of personal data.
  • Password attacks
  • Access to source code
  • Shell inclusion
  • Server Side Request Forgery (SSRF)
  • Remote code execution: e.g. through a maliciously-crafted web-site or an email
  • Local privilege escalation: e.g. situations when the app allows a non-privileged user or other application to gain Administrator or System rights

Note: The current version of the application operates over HTTP.

Program Rules

  • Avoid compromising any personal data and avoid interruption or degradation of any service.
  • Don’t access or modify other users' data; localize all tests to your own accounts.
  • Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
  • If you find chained vulnerabilities, we pay only for the vulnerability with the highest severity.
  • Only the first valid bug is eligible for reward.
  • Don’t disclose publicly any vulnerability until you are granted permission to do so.
  • Don’t break any law and stay in the defined scope.
  • The existence or any details of this private program must not be communicated to anyone who is not a member of the HackenProof Team or an authorized employee of this Company.
  • Comply with the rules of the program.
  • The rewards will be paid out in HKN based on the current price.

Rewards

Range of bounty: $250 - $5,000

Severity
Critical: $0
High: $0
Medium: $0
Low: $0

Stats

Scope Review: 467808
Submissions: 13
Total rewards: $961
Types: apps
Hackers (10)

SLA (Service Level Agreement)

Time within which the program's triage team must respond.

| Response Type | Business days |
|---|---|
| First Response | 1d |
| Triage Time | 3d |
| Reward Time | 5d |
| Resolution Time | 7d |