Bug Bounty - Report a Security Vulnerability for Compensation
eCourtDate is committed to quickly addressing all reported security issues. We will confirm and validate reports within 3 business days. Validated reports will be resolved within 10 business days.
Compensation is based on the risk rating. Payouts in crypto are made based on the conversion rate when the report is validated.
|CVSS Score|Rating|USD Rate|
|---|---|---|
|0.1 - 1.0|Very low/limited|$100|
|1.1 - 3.9|Low|$500|
|4.0 - 6.9|Medium|$1,000|
|7.0 - 8.9|High|$2,000|
|9.0 - 10.0|Critical|$4,000|
We provide professional security researchers with a free developer account. Send an email to firstname.lastname@example.org with a link to your professional profile (LinkedIn, GitHub, BugCrowd, HackerOne, etc.). We do not provide accounts to anonymous users.
Out of Scope
- Clickjacking on pages with no sensitive actions
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
- Attacks requiring MITM or physical access to a user's device
- Previously known vulnerable libraries without a working Proof of Concept
- Comma Separated Values (CSV) injection without demonstrating a vulnerability
- Missing best practices in SSL/TLS configuration
- Any activity that could lead to the disruption of our service (DoS or DDoS)
- Content spoofing and text injection issues without showing an attack vector
- Rate limiting or brute force issues
- Missing best practices in Content Security Policy
- Missing HttpOnly or Secure flags on cookies
- Missing email best practices (SPF/DKIM/DMARC etc.)
- Vulnerabilities in third-party services
- Vulnerabilities only affecting users of outdated or unpatched browsers
- Physical testing, social engineering, or any other non-technical vulnerability
- Open redirect - unless an additional security impact can be demonstrated
- Email or username enumeration
- Vulnerabilities related to autofill web forms
- Missing security headers that do not lead to direct exploitation
- Vulnerabilities that apply only to you or your own account
The scope of issues is limited to technical vulnerabilities in the *.eCourtDate.com platform. Please do not attempt to compromise the safety or privacy of our users.
The chat in the bottom left corner of any page is out of scope, as it is powered by a third party.
Make a good faith effort to avoid privacy violations, destruction of data, interruption, or degradation of our platform.
You're about to submit a Bug Bounty / Vulnerability Disclosure report to the eCourtDate engineering team. Please provide as much information as possible about the potential issue you have discovered. The more information you provide, the quicker we will be able to validate the issue.
Minors are welcome to participate. The Children's Online Privacy Protection Act restricts our ability to collect personal information from children under 13, so you will need to claim your bounties through your parent or legal guardian if you are 12 or younger.
If legal action is initiated by a third party against you and you have complied with eCourtDate's bug bounty policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
We do not pay bug bounties for duplicate issues in the same domain and/or repo.