BugBounty.jp

Program

Total Reports:183
Total Valid Reports:83

Opened

pixiv

  Bounty Point
Program
pixiv
pixiv is an illustrators' community with over 30,000,000 registered users.
Program Logo
Program Logo
Period
2016/04/01 〜 2018/12/31
Bounty Range
¥5,000¥200,000
Rules
Only test for vulnerabilities on web application stipulated in scope section. Any vulnerabilities reported on web applications out-of-scope are not eligible for bounty rewards.

***************************************************************
This is a production environment. Do not create account more than necessary to perform tests, and please delete your account as soon as you finished your tests.
Please note that you should only perform tests against pages you created, never other users pages.
To be eligible for a bounty reward under this program you must to follow the rules stipulated above.
***************************************************************

Any vulnerability test against domains out-of-scope are explicitly prohibited.

Any violation of the Terms of the Service of the “BugBounty.jp”, and/or performance of DoS (Denial of Service)attack or equivalent act that can degrade the performance of our service are also explicitly prohibited.

***************************************************************

In addition to items listed in "Not Eligible For Bounty" section, below are out of scope for our program.

* Lack of security headers without an actual attack scenario
* Phishing attack via registration email (e.g. making username a URL)
* Tabnabbing
* Disclosure of pixiv's numeric ID such as user ID and illustration ID (unless it compromises user privacy)
Scope
Web application
Name
pixiv services
URL
  • https://www.pixiv.net/
  • https://factory.pixiv.net/
  • https://booth.pm/
  • https://chatstory.pixiv.net/
  • https://pay.pixiv.net/
  • https://comic.pixiv.net/
  • https://sensei.pixiv.net/
  • https://sketch.pixiv.net/
Domain
  • www.pixiv.net
  • accounts.pixiv.net
  • app-api.pixiv.net
  • bungei-api.pixiv.net
  • chatstory.pixiv-app.net
  • chatstory.pixiv.net
  • comic-api.pixiv.net
  • embed.pixiv.net
  • factory.pixiv.net
  • m.pixiv.net
  • oauth.secure.pixiv.net
  • payment.pixiv.net
  • pixiv.me
  • public-api.secure.pixiv.net
  • sensei.pixiv.net
  • ssl.pixiv.net
  • booth.pm
  • *.booth.pm
iOS application
Name
pixiv PAY
URL
  • https://itunes.apple.com/app/pixiv-pay/id1261274472
Android application
Name
pixiv PAY
URL
  • https://play.google.com/store/apps/details?id=jp.pxv.pay
Eligible
For Bounty
  • Command Injection up to 200,000yen
  • Remote Code Execution up to 200,000yen
  • SQL Injection up to 150,000yen
  • Authentication up to 120,000yen
  • Cross-Site Scripting up to 80,000yen
  • Server-Side Request Forgery (SSRF) up to 50,000yen
  • XML External Entities (XXE) up to 50,000yen
  • Information Disclosure up to 50,000yen
  • Privilege Escalation up to 30,000yen
  • Cross-Site Request Forgery (CSRF) up to 30,000yen
  • HTTP Response Splitting up to 20,000yen
  • Forced Browsing up to 10,000yen
  • Open Redirect up to 10,000yen
  • Cleartext Transmission of Sensitive Information up to 10,000yen
  • Path Traversal up to 10,000yen
  • No Rate Limiting up to 10,000yen
  • Session Fixation up to 10,000yen
  • UI Redressing (Clickjacking) up to 10,000yen
  • Not Eligible
    For Bounty
  • Vulnerabilities found through automated scans or tools
  • Hypothetical or theoretical vulnerabilities without actual verification code
  • Vulnerabilities with capability of Denial of Service attack
  • Vulnerabilities with capability of brute force against password or tokens
  • Password, email and account policies, such as email id verification, reset link expiration, password complexity
  • Login/Logout CSRF
  • Missing CSRF tokens
  • CSRF on forms that are available to anonymous users (e.g. contact form)
  • Missing security headers
  • Vulnerabilities found in domains out-of-scope
  • Vulnerabilities affecting outdated browsers or platforms
  • Presence of autocomplete attribute on web forms
  • Missing secure flags on non-sensitive cookies
  • Reports of insecure SSL/TLS ciphers
  • Vulnerabilities with capability of username/email enumeration
  • Descriptive error messages (e.g. Stack traces, application or server errors)
  • Banner disclosure on servers
  • Misconfiguration of SPF record, DMARC and DKIM
  • Notes
    For eligibility details, please refer to the "Terms of Service Article 4" of this site.
    Report Bug

    Bounty Reward History

    • 2018/05/24 12:05

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/04/12 12:05

      ¥30,000 (30 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/04/12 11:57

      ¥50,000 (50 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/04/12 11:29

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/04/05 11:21

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/04/05 11:17

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/29 12:08

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/29 11:56

      ¥5,000 (5 pts) was paid for Chachi 's report

      報奨金 ポイント
    • 2018/03/29 11:52

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/29 11:46

      ¥10,000 (10 pts) was paid for Todayisnew 's report

      報奨金 ポイント
    • 2018/03/29 11:36

      ¥10,000 (10 pts) was paid for haxormad 's report

      報奨金 ポイント
    • 2018/03/27 19:23

      ¥100,000 (100 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/13 12:30

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/13 12:07

      ¥30,000 (30 pts) was paid for zer0 's report

      報奨金 ポイント
    • 2018/03/13 11:40

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2018/03/13 11:38

      ¥100,000 (100 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2018/01/18 11:48

      ¥10,000 (10 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/12/19 15:08

      ¥5,000 (5 pts) was paid for no1zy 's report

      報奨金 ポイント
    • 2017/12/19 14:46

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/12/19 14:28

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/12/19 14:20

      ¥10,000 (10 pts) was paid for zer0 's report

      報奨金 ポイント
    • 2017/12/19 14:14

      ¥5,000 (5 pts) was paid for hfukuda 's report

      報奨金 ポイント
    • 2017/11/22 14:49

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/11/22 14:42

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/11/22 14:35

      ¥50,000 (50 pts) was paid for Todayisnew 's report

      報奨金 ポイント
    • 2017/11/22 14:30

      ¥10,000 (10 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/11/22 14:25

      ¥30,000 (30 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/09/08 17:28

      ¥5,000 (5 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/08/25 12:55

      ¥5,000 (5 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/08/04 16:03

      ¥5,000 (5 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/08/04 15:51

      ¥30,000 (30 pts) was paid for Rey Mark Divino 's report

      報奨金 ポイント
    • 2017/07/28 12:24

      ¥5,000 (5 pts) was paid for Todayisnew 's report

      報奨金 ポイント
    • 2017/07/28 11:54

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/07/28 11:45

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/07/20 13:02

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/07/19 15:40

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/07/19 15:38

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/07/14 17:43

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/06/20 18:56

      ¥5,000 (5 pts) was paid for yuki540 's report

      報奨金 ポイント
    • 2017/06/20 18:49

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/06/20 18:40

      ¥100,000 (100 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/05/31 16:33

      ¥30,000 (30 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/05/31 16:23

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/04/20 16:58

      ¥5,000 (5 pts) was paid for kusano 's report

      報奨金 ポイント
    • 2017/04/20 16:46

      ¥5,000 (5 pts) was paid for ♠ Spade ♠ 's report

      報奨金 ポイント
    • 2017/03/29 17:40

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/03/29 17:21

      ¥30,000 (30 pts) was paid for Mramydnei 's report

      報奨金 ポイント
    • 2017/03/22 15:21

      ¥5,000 (5 pts) was paid for ♠ Spade ♠ 's report

      報奨金 ポイント
    • 2017/03/22 15:11

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/03/22 15:11

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/03/22 15:10

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/03/15 18:51

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/03/15 18:10

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/02/23 13:11

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/02/23 12:57

      ¥30,000 (30 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/02/23 12:46

      ¥100,000 (100 pts) was paid for hfukuda 's report

      報奨金 ポイント
    • 2017/02/23 12:25

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/02/13 19:47

      ¥10,000 (10 pts) was paid for kusano 's report

      報奨金 ポイント
    • 2017/01/27 12:03

      ¥50,000 (50 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/01/27 11:42

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/01/25 18:32

      ¥10,000 (10 pts) was paid for Private 's report

      報奨金 ポイント
    • 2017/01/24 17:42

      ¥5,000 (5 pts) was paid for uruma 's report

      報奨金 ポイント
    • 2017/01/16 17:25

      ¥5,000 (5 pts) was paid for yoneyoneyo 's report

      報奨金 ポイント
    • 2016/12/19 19:05

      ¥5,000 (5 pts) was paid for gamermount56 's report

      報奨金 ポイント
    • 2016/12/19 18:24

      ¥5,000 (5 pts) was paid for gamermount56 's report

      報奨金 ポイント
    • 2016/12/09 16:14

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/09/12 15:35

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/08/01 17:33

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/07/11 17:21

      ¥5,000 (5 pts) was paid for uruma 's report

      報奨金 ポイント
    • 2016/07/11 17:08

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/06/20 17:47

      ¥5,000 (5 pts) was paid for kusano 's report

      報奨金 ポイント
    • 2016/06/16 19:13

      ¥10,000 (10 pts) was paid for shhnjk 's report

      報奨金 ポイント
    • 2016/06/13 17:50

      ¥5,000 (5 pts) was paid for kusano 's report

      報奨金 ポイント
    • 2016/06/07 19:46

      ¥10,000 (10 pts) was paid for shinkbr 's report

      報奨金 ポイント
    • 2016/06/07 17:39

      ¥5,000 (5 pts) was paid for uruma 's report

      報奨金 ポイント
    • 2016/05/31 17:23

      ¥10,000 (10 pts) was paid for shhnjk 's report

      報奨金 ポイント
    • 2016/05/24 17:34

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/05/24 17:06

      ¥5,000 (5 pts) was paid for yujitounai 's report

      報奨金 ポイント
    • 2016/05/12 23:36

      ¥10,000 (10 pts) was paid for yujitounai 's report

      報奨金 ポイント
    • 2016/04/11 17:43

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/04/11 17:34

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/04/11 17:30

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    • 2016/04/11 17:24

      ¥5,000 (5 pts) was paid for Private 's report

      報奨金 ポイント
    Report Bug

    pixiv

    Available Program:
    1
    Closed Program:
    0
    Bounties Range:
    ¥ 5,000¥ 200,000
    Reward Type:
    Bounty Point

    Top Hackers

    ALL RANKING