BugBounty.jp

Program

Total Reports: 204
Total Valid Reports: 90

Opened

pixiv

  Bounty Point
pixiv is an illustrators' community with over 30,000,000 registered users.
Period
2016/04/01 〜 2018/12/31
Bounty Range
¥10,000 〜 ¥300,000
Rules
Only test for vulnerabilities on the web applications stipulated in the Scope section. Vulnerabilities reported on out-of-scope web applications are not eligible for bounty rewards.

***************************************************************
This is a production environment. Do not create more accounts than necessary to perform tests, and please delete your account as soon as you have finished your tests.
Please note that you should only perform tests against pages you created, never other users' pages.
To be eligible for a bounty reward under this program you must follow the rules stipulated above.
***************************************************************

Any vulnerability testing against out-of-scope domains is explicitly prohibited.

Any violation of the Terms of Service of “BugBounty.jp”, and/or any DoS (Denial of Service) attack or equivalent act that can degrade the performance of our service, is also explicitly prohibited.

***************************************************************

In addition to the items listed in the "Not Eligible For Bounty" section, the following are out of scope for our program.

* Lack of security headers without an actual attack scenario
* Phishing attack via registration email (e.g. making username a URL)
* Tabnabbing
* Disclosure of pixiv's numeric ID such as user ID and illustration ID (unless it compromises user privacy)
* Lack of rate limit

***************************************************************

We will pay a fixed amount of bounty determined by the severity category as described below.
Critical: 300,000 JPY
Example: Compromising important infrastructure or data (RCE, DB/Filesystem breach)

High: 100,000 JPY
Example: Access to user privilege with little or no restriction (Account takeover, Payment flaw, Unsandboxed stored XSS)

Medium: 50,000 JPY
Example: Limited access to user privilege (CSRF, XSS with restrictions)

Low: 20,000 JPY
Example: Limited disclosure of user data or other attacks with low overall risk (Minor information leakage, Open redirect, etc.)
Scope
Web application
Name
pixiv services
URL
  • https://www.pixiv.net/
  • https://factory.pixiv.net/
  • https://booth.pm/
  • https://chatstory.pixiv.net/
  • https://pay.pixiv.net/
  • https://comic.pixiv.net/
  • https://sensei.pixiv.net/
  • https://sketch.pixiv.net/
Domain
  • *.booth.pm
  • www.pixiv.net
  • accounts.pixiv.net
  • app-api.pixiv.net
  • bungei-api.pixiv.net
  • chatstory.pixiv-app.net
  • chatstory.pixiv.net
  • comic-api.pixiv.net
  • embed.pixiv.net
  • factory.pixiv.net
  • m.pixiv.net
  • oauth.secure.pixiv.net
  • payment.pixiv.net
  • pixiv.me
  • public-api.secure.pixiv.net
  • sensei.pixiv.net
  • ssl.pixiv.net
  • booth.pm
iOS application
Name
pixiv PAY
URL
  • https://itunes.apple.com/app/pixiv-pay/id1261274472
Android application
Name
pixiv PAY
URL
  • https://play.google.com/store/apps/details?id=jp.pxv.pay
Eligible For Bounty
  • Remote Code Execution up to 300,000yen
  • SQL Injection up to 300,000yen
  • Command Injection up to 300,000yen
  • Authentication up to 100,000yen
  • Cross-Site Scripting up to 100,000yen
  • Privilege Escalation up to 100,000yen
  • XML External Entities (XXE) up to 50,000yen
  • Information Disclosure up to 50,000yen
  • Cross-Site Request Forgery (CSRF) up to 50,000yen
  • Server-Side Request Forgery (SSRF) up to 50,000yen
  • HTTP Response Splitting up to 20,000yen
  • Forced Browsing up to 20,000yen
  • Path Traversal up to 20,000yen
  • Cleartext Transmission of Sensitive Information up to 20,000yen
  • Session Fixation up to 20,000yen
  • UI Redressing (Clickjacking) up to 20,000yen
  • Open Redirect up to 20,000yen
Not Eligible For Bounty
  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without actual verification code
  • Vulnerabilities with capability of Denial of Service attack
  • Vulnerabilities with capability of brute force against password or tokens
  • Password, email and account policies, such as email id verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
  • Missing security headers
  • Vulnerabilities found in domains out-of-scope
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of autocomplete attribute on web forms
  • Missing secure flags on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Vulnerabilities with capability of username/email enumeration
  • Descriptive error messages (e.g. Stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF record, DMARC and DKIM
Notes
For eligibility details, please refer to the "Terms of Service Article 4" of this site.

Bounty Reward History

  • 2018/08/23 11:44: ¥15,000 (15 pts) was paid for iruca3's report
  • 2018/08/23 11:43: ¥15,000 (15 pts) was paid for iruca3's report
  • 2018/08/23 11:41: ¥15,000 (15 pts) was paid for iruca3's report
  • 2018/08/23 11:38: ¥15,000 (15 pts) was paid for Private's report
  • 2018/05/24 12:05: ¥5,000 (5 pts) was paid for iruca3's report
  • 2018/04/12 12:05: ¥30,000 (30 pts) was paid for Private's report
  • 2018/04/12 11:57: ¥50,000 (50 pts) was paid for Private's report
  • 2018/04/12 11:29: ¥5,000 (5 pts) was paid for Private's report
  • 2018/04/05 11:21: ¥5,000 (5 pts) was paid for Private's report
  • 2018/04/05 11:17: ¥5,000 (5 pts) was paid for Private's report
  • 2018/03/29 12:08: ¥5,000 (5 pts) was paid for Private's report
  • 2018/03/29 11:56: ¥5,000 (5 pts) was paid for Chachi's report
  • 2018/03/29 11:52: ¥5,000 (5 pts) was paid for Private's report
  • 2018/03/29 11:46: ¥10,000 (10 pts) was paid for Todayisnew's report
  • 2018/03/29 11:36: ¥10,000 (10 pts) was paid for haxormad's report
  • 2018/03/27 19:23: ¥100,000 (100 pts) was paid for Private's report
  • 2018/03/13 12:30: ¥5,000 (5 pts) was paid for Private's report
  • 2018/03/13 12:07: ¥30,000 (30 pts) was paid for zer0's report
  • 2018/03/13 11:40: ¥5,000 (5 pts) was paid for Private's report
  • 2018/03/13 11:38: ¥100,000 (100 pts) was paid for Rey Mark Divino's report
  • 2018/01/18 11:48: ¥10,000 (10 pts) was paid for Rey Mark Divino's report
  • 2017/12/19 15:08: ¥5,000 (5 pts) was paid for no1zy's report
  • 2017/12/19 14:46: ¥5,000 (5 pts) was paid for Private's report
  • 2017/12/19 14:28: ¥10,000 (10 pts) was paid for Private's report
  • 2017/12/19 14:20: ¥10,000 (10 pts) was paid for zer0's report
  • 2017/12/19 14:14: ¥5,000 (5 pts) was paid for hfukuda's report
  • 2017/11/22 14:49: ¥10,000 (10 pts) was paid for Private's report
  • 2017/11/22 14:42: ¥10,000 (10 pts) was paid for Private's report
  • 2017/11/22 14:35: ¥50,000 (50 pts) was paid for Todayisnew's report
  • 2017/11/22 14:30: ¥10,000 (10 pts) was paid for Rey Mark Divino's report
  • 2017/11/22 14:25: ¥30,000 (30 pts) was paid for Private's report
  • 2017/09/08 17:28: ¥5,000 (5 pts) was paid for Rey Mark Divino's report
  • 2017/08/25 12:55: ¥5,000 (5 pts) was paid for Rey Mark Divino's report
  • 2017/08/04 16:03: ¥5,000 (5 pts) was paid for Rey Mark Divino's report
  • 2017/08/04 15:51: ¥30,000 (30 pts) was paid for Rey Mark Divino's report
  • 2017/07/28 12:24: ¥5,000 (5 pts) was paid for Todayisnew's report
  • 2017/07/28 11:54: ¥5,000 (5 pts) was paid for Private's report
  • 2017/07/28 11:45: ¥10,000 (10 pts) was paid for Private's report
  • 2017/07/20 13:02: ¥5,000 (5 pts) was paid for Private's report
  • 2017/07/19 15:40: ¥10,000 (10 pts) was paid for Private's report
  • 2017/07/19 15:38: ¥5,000 (5 pts) was paid for Private's report
  • 2017/07/14 17:43: ¥5,000 (5 pts) was paid for Private's report
  • 2017/06/20 18:56: ¥5,000 (5 pts) was paid for yuki540's report
  • 2017/06/20 18:49: ¥5,000 (5 pts) was paid for Private's report
  • 2017/06/20 18:40: ¥100,000 (100 pts) was paid for Private's report
  • 2017/05/31 16:33: ¥30,000 (30 pts) was paid for Private's report
  • 2017/05/31 16:23: ¥10,000 (10 pts) was paid for Private's report
  • 2017/04/20 16:58: ¥5,000 (5 pts) was paid for kusano's report
  • 2017/04/20 16:46: ¥5,000 (5 pts) was paid for ♠ Spade ♠'s report
  • 2017/03/29 17:40: ¥5,000 (5 pts) was paid for Private's report
  • 2017/03/29 17:21: ¥30,000 (30 pts) was paid for Mramydnei's report
  • 2017/03/22 15:21: ¥5,000 (5 pts) was paid for ♠ Spade ♠'s report
  • 2017/03/22 15:11: ¥10,000 (10 pts) was paid for Private's report
  • 2017/03/22 15:11: ¥10,000 (10 pts) was paid for Private's report
  • 2017/03/22 15:10: ¥10,000 (10 pts) was paid for Private's report
  • 2017/03/15 18:51: ¥10,000 (10 pts) was paid for Private's report
  • 2017/03/15 18:10: ¥5,000 (5 pts) was paid for Private's report
  • 2017/02/23 13:11: ¥10,000 (10 pts) was paid for Private's report
  • 2017/02/23 12:57: ¥30,000 (30 pts) was paid for Private's report
  • 2017/02/23 12:46: ¥100,000 (100 pts) was paid for hfukuda's report
  • 2017/02/23 12:25: ¥5,000 (5 pts) was paid for Private's report
  • 2017/02/13 19:47: ¥10,000 (10 pts) was paid for kusano's report
  • 2017/01/27 12:03: ¥50,000 (50 pts) was paid for Private's report
  • 2017/01/27 11:42: ¥10,000 (10 pts) was paid for Private's report
  • 2017/01/25 18:32: ¥10,000 (10 pts) was paid for Private's report
  • 2017/01/24 17:42: ¥5,000 (5 pts) was paid for uruma's report
  • 2017/01/16 17:25: ¥5,000 (5 pts) was paid for yoneyoneyo's report
  • 2016/12/19 19:05: ¥5,000 (5 pts) was paid for gamermount56's report
  • 2016/12/19 18:24: ¥5,000 (5 pts) was paid for gamermount56's report
  • 2016/12/09 16:14: ¥5,000 (5 pts) was paid for Private's report
  • 2016/09/12 15:35: ¥5,000 (5 pts) was paid for Private's report
  • 2016/08/01 17:33: ¥5,000 (5 pts) was paid for Private's report
  • 2016/07/11 17:21: ¥5,000 (5 pts) was paid for uruma's report
  • 2016/07/11 17:08: ¥5,000 (5 pts) was paid for Private's report
  • 2016/06/20 17:47: ¥5,000 (5 pts) was paid for kusano's report
  • 2016/06/16 19:13: ¥10,000 (10 pts) was paid for shhnjk's report
  • 2016/06/13 17:50: ¥5,000 (5 pts) was paid for kusano's report
  • 2016/06/07 19:46: ¥10,000 (10 pts) was paid for shinkbr's report
  • 2016/06/07 17:39: ¥5,000 (5 pts) was paid for uruma's report
  • 2016/05/31 17:23: ¥10,000 (10 pts) was paid for shhnjk's report
  • 2016/05/24 17:34: ¥5,000 (5 pts) was paid for Private's report
  • 2016/05/24 17:06: ¥5,000 (5 pts) was paid for yujitounai's report
  • 2016/05/12 23:36: ¥10,000 (10 pts) was paid for yujitounai's report
  • 2016/04/11 17:43: ¥5,000 (5 pts) was paid for Private's report
  • 2016/04/11 17:34: ¥5,000 (5 pts) was paid for Private's report
  • 2016/04/11 17:30: ¥5,000 (5 pts) was paid for Private's report
  • 2016/04/11 17:24: ¥5,000 (5 pts) was paid for Private's report
    pixiv

    Available Program: 1
    Closed Program: 0
    Bounties Range: ¥10,000 〜 ¥300,000
    Reward Type: Bounty Point
